ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

add Nyx mode

Browse Source
This commit is contained in:
Sergej Schumilo
2021-12-28 15:51:43 +01:00
parent f9d4dcdd85
commit 41291d8c72
11 changed files with 471 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
src/afl-fuzz.c
View File

@ -124,6 +124,8 @@ static void usage(u8 *argv0, int more_help) {
" -W - use qemu-based instrumentation with Wine (Wine "
"mode)\n"
#endif
" -X - use VM fuzzing (NYX mode)\n"
" -Y - use VM fuzzing (NYX mode - Multiprocessing)\n"
"\n"
"Mutator settings:\n"
@ -385,6 +387,75 @@ static void fasan_check_afl_preload(char *afl_preload) {
}
#ifdef __linux__
#include <dlfcn.h>
nyx_plugin_handler_t* afl_load_libnyx_plugin(u8* libnyx_binary){
void *handle;
nyx_plugin_handler_t* plugin = calloc(1, sizeof(nyx_plugin_handler_t));
ACTF("Trying to load libnyx.so plugin...");
handle = dlopen((char*) libnyx_binary, RTLD_NOW);
if (!handle) {
goto fail;
}
plugin->nyx_new = dlsym(handle, "nyx_new");
if (plugin->nyx_new == NULL){
goto fail;
}
plugin->nyx_shutdown = dlsym(handle, "nyx_shutdown");
if (plugin->nyx_shutdown == NULL){
goto fail;
}
plugin->nyx_option_set_reload_mode = dlsym(handle, "nyx_option_set_reload_mode");
if (plugin->nyx_option_set_reload_mode == NULL){
goto fail;
}
plugin->nyx_option_set_timeout = dlsym(handle, "nyx_option_set_timeout");
if (plugin->nyx_option_set_timeout == NULL){
goto fail;
}
plugin->nyx_option_apply = dlsym(handle, "nyx_option_apply");
if (plugin->nyx_option_apply == NULL){
goto fail;
}
plugin->nyx_set_afl_input = dlsym(handle, "nyx_set_afl_input");
if (plugin->nyx_set_afl_input == NULL){
goto fail;
}
plugin->nyx_exec = dlsym(handle, "nyx_exec");
if (plugin->nyx_exec == NULL){
goto fail;
}
plugin->nyx_get_bitmap_buffer = dlsym(handle, "nyx_get_bitmap_buffer");
if (plugin->nyx_get_bitmap_buffer == NULL){
goto fail;
}
plugin->nyx_get_bitmap_buffer_size = dlsym(handle, "nyx_get_bitmap_buffer_size");
if (plugin->nyx_get_bitmap_buffer_size == NULL){
goto fail;
}
OKF("libnyx plugin is ready!");
return plugin;
fail:
FATAL("failed to load libnyx: %s\n", dlerror());
free(plugin);
return NULL;
}
#endif
/* Main entry point */
int main(int argc, char **argv_orig, char **envp) {
@ -441,7 +512,7 @@ int main(int argc, char **argv_orig, char **envp) {
while ((opt = getopt(
argc, argv,
"+Ab:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNOo:p:RQs:S:t:T:UV:Wx:Z")) >
"+Ab:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNOXYo:p:RQs:S:t:T:UV:Wx:Z")) >
0) {
switch (opt) {
@ -845,6 +916,36 @@ int main(int argc, char **argv_orig, char **envp) {
afl->use_banner = optarg;
break;
#ifdef __linux__
case 'X': /* NYX mode */
if (afl->fsrv.nyx_mode) {
FATAL("Multiple -X options not supported");
}
afl->fsrv.nyx_parent = true;
afl->fsrv.nyx_standalone = true;
afl->fsrv.nyx_mode = 1;
afl->fsrv.nyx_id = 0;
break;
case 'Y': /* NYX distributed mode */
if (afl->fsrv.nyx_mode) {
FATAL("Multiple -X options not supported");
}
afl->fsrv.nyx_mode = 1;
break;
#else
case 'X':
case 'Y':
FATAL("Nyx mode is only availabe on linux...");
break;
#endif
case 'A': /* CoreSight mode */
#if !defined(__aarch64__) || !defined(__linux__)
@ -1185,6 +1286,13 @@ int main(int argc, char **argv_orig, char **envp) {
OKF("NOTE: This is v3.x which changes defaults and behaviours - see "
"README.md");
#ifdef __linux__
if (afl->fsrv.nyx_mode){
OKF("afl++ Nyx mode is enabled (developed and mainted by Sergej Schumilo)");
OKF("Nyx is open source, get it at "
"https://github.com/Nyx-Fuzz");
}
#endif
if (afl->sync_id && afl->is_main_node &&
afl->afl_env.afl_custom_mutator_only) {
@ -1227,6 +1335,33 @@ int main(int argc, char **argv_orig, char **envp) {
}
#ifdef __linux__
if (afl->fsrv.nyx_mode) {
if (afl->fsrv.nyx_standalone && strncmp(afl->sync_id, "default", strlen("default")) != 0){
FATAL("distributed fuzzing is not supported in this Nyx mode (use -Y instead)");
}
if (!afl->fsrv.nyx_standalone){
if (afl->is_main_node){
if(strncmp("0", afl->sync_id, strlen("0") != 0)){
FATAL("afl->sync_id has to be 0 in Nyx mode (-M 0)");
}
afl->fsrv.nyx_id = 0;
}
if (afl->is_secondary_node){
long nyx_id = strtol(afl->sync_id, NULL, 10);
if (nyx_id == 0 || nyx_id == LONG_MAX){
FATAL("afl->sync_id has to be numberic and >= 1 (-S id)");
}
afl->fsrv.nyx_id = nyx_id;
}
}
}
#endif
if (afl->sync_id) {
if (strlen(afl->sync_id) > 24) {
@ -1450,8 +1585,22 @@ int main(int argc, char **argv_orig, char **envp) {
afl->fsrv.use_fauxsrv = afl->non_instrumented_mode == 1 || afl->no_forkserver;
#ifdef __linux__
if (!afl->fsrv.nyx_mode){
check_crash_handling();
check_cpu_governor(afl);
}
else{
u8* libnyx_binary = find_afl_binary(argv[0], "nyx_mode/libnyx.so");
afl->fsrv.nyx_handlers = afl_load_libnyx_plugin(libnyx_binary);
if(afl->fsrv.nyx_handlers == NULL){
FATAL("failed to initialize libnyx.so...");
}
}
#else
check_crash_handling();
check_cpu_governor(afl);
#endif
if (getenv("LD_PRELOAD")) {
@ -1934,7 +2083,11 @@ int main(int argc, char **argv_orig, char **envp) {
if (!afl->queue_buf[entry]->disabled) { ++valid_seeds; }
if (!afl->pending_not_fuzzed || !valid_seeds) {
#ifdef __linux__
if(afl->fsrv.nyx_mode){
afl->fsrv.nyx_handlers->nyx_shutdown(afl->fsrv.nyx_runner);
}
#endif
FATAL("We need at least one valid input seed that does not crash!");
}