20 years ago we released Holodeck, an advanced fault simulation testing tool for Windows applications. While obsolete today, it was a brilliant tool (if we do say so ourselves) that allowed the user to create very difficult-to-replicate test scenarios with the click of a mouse, e.g.,
- Corrupt a file needed by the App Under Test (AUT)
- Constrain available memory only for the AUT
- Reduce network bandwidth available to the AUT
- Fuzz input to force the AUT to process unexpected data such as long strings, abrupt nulls, etc.
Can you get Holodeck running on an older version of Windows (or a virtual machine) and execute some test cases?
- Download and install Windows XP, Service Pack 3
- To run this, you will need a virtual machine. You can use something like VMware Fusion, Parallels Desktop, or VirtualBox (link provided here: Windows XP virtual machine)
- Once you have a virtual machine you can download the ISO image file for WinXP SP3 here: https://archive.org/details/WinXPProSP3x86
- Download Holodeck from GitHub.
- Install Holodeck on Windows XP and refer to the Holodeck help file to get started
- Test any default application that’s loaded with the Windows OS (notepad.exe is an easy target)
- Send us screenshots of executed tests and win cool prizes like Security Innovation towels and travel bags – holodeckchallenge@securityinnovation.com
Quick background on Holodeck
Holodeck leverages fault injection to simulate real-world application and system errors for Windows applications and services. Testers and developers could work in a controlled, repeatable environment to analyze and debug error-handling code and application attack surface. While Holodeck is intercepting all your system and API calls, it is also monitoring and logging them. This gives users the power to examine low-level interactions and network packets, and easily recreate and pinpoint bug-generating events. Meanwhile, the integrated debugger creates a “minidump” when errors occur and provides the exact line of code and machine state where the crash occurred. Armed with this information, you would know exactly what was happening at the time an error occurred, such as whether your application was trying to access a restricted piece of memory, looking for a file that wasn’t there, or writing sensitive/private data to a text file during a crash.
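The intercept, log, and inject pattern described above, reduced to a single API, as an added example that is not Holodeck's code: it hooks Python's `open()` instead of Win32 calls, and `inject_file_faults`, `load_settings`, and `settings.ini` are hypothetical names constructed for illustration.

```python
import builtins
import errno
import os
import tempfile
from contextlib import contextmanager

@contextmanager
def inject_file_faults(rules, log):
    """Intercept open(); rules maps a file name to the errno to inject."""
    real_open = builtins.open

    def hooked_open(file, mode="r", *args, **kwargs):
        name = os.path.basename(str(file))
        code = rules.get(name)
        # Log every intercepted call, faulted or not, for later replay.
        log.append((name, mode, errno.errorcode[code] if code else "OK"))
        if code:
            raise OSError(code, os.strerror(code), str(file))
        return real_open(file, mode, *args, **kwargs)

    builtins.open = hooked_open
    try:
        yield
    finally:
        builtins.open = real_open  # always remove the hook

def load_settings(path):
    """Constructed application under test: must survive an unreadable file."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return "defaults"

def run_scenario():
    """Run the AUT once cleanly and once with an injected access-denied fault."""
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "settings.ini")  # constructed sample file
        with open(path, "w") as fh:
            fh.write("theme=dark")
        with inject_file_faults({}, log):
            normal = load_settings(path)
        with inject_file_faults({"settings.ini": errno.EACCES}, log):
            faulted = load_settings(path)
    return normal, faulted, log

if __name__ == "__main__":
    print(run_scenario())
```

The file on disk is never modified, so the fault is repeatable and the log shows exactly which call failed and how the application responded.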
More information can be found in a blog by one of Holodeck’s original developers, Ady Kakrania here:
Holodeck was:
- Industry’s first commercially available fault-simulation tool
- Developed by students and leading researchers at Florida Tech
- Originally used by large software vendors like Microsoft, Adobe, Symantec, EMC, and McAfee to ensure software products were secure and resilient (avoid the blue screen of death)
- Awarded a Gartner Cool Vendor award in 2004