ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-16 11:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

initial integration

Browse Source
This commit is contained in:
van Hauser
2020-08-08 20:29:56 +02:00
parent ebc6f52868
commit d8f5502d83
5 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
GNUmakefile
View File

@ -513,6 +513,7 @@ clean:
$(MAKE) -C examples/argv_fuzzing clean $(MAKE) -C examples/argv_fuzzing clean
$(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/unsigaction clean
$(MAKE) -C qemu_mode/libcompcov clean $(MAKE) -C qemu_mode/libcompcov clean
test -d qemu_taint/qemu && { cd qemu_taint ; ./clean.sh ; }
rm -rf qemu_mode/qemu-3.1.1 rm -rf qemu_mode/qemu-3.1.1
ifeq "$(IN_REPO)" "1" ifeq "$(IN_REPO)" "1"
test -d unicorn_mode/unicornafl && $(MAKE) -C unicorn_mode/unicornafl clean || true test -d unicorn_mode/unicornafl && $(MAKE) -C unicorn_mode/unicornafl clean || true
@ -523,6 +524,7 @@ endif
deepclean: clean deepclean: clean
rm -rf qemu_mode/qemu-3.1.1.tar.xz rm -rf qemu_mode/qemu-3.1.1.tar.xz
rm -rf qemu_taint/qemu
rm -rf unicorn_mode/unicornafl rm -rf unicorn_mode/unicornafl
git reset --hard >/dev/null 2>&1 || true git reset --hard >/dev/null 2>&1 || true
@ -580,6 +582,7 @@ install: all $(MANPAGES)
install -m 755 $(PROGS) $(SH_PROGS) $${DESTDIR}$(BIN_PATH) install -m 755 $(PROGS) $(SH_PROGS) $${DESTDIR}$(BIN_PATH)
rm -f $${DESTDIR}$(BIN_PATH)/afl-as rm -f $${DESTDIR}$(BIN_PATH)/afl-as
if [ -f afl-qemu-trace ]; then install -m 755 afl-qemu-trace $${DESTDIR}$(BIN_PATH); fi if [ -f afl-qemu-trace ]; then install -m 755 afl-qemu-trace $${DESTDIR}$(BIN_PATH); fi
if [ -f afl-qemu-taint ]; then install -m 755 afl-qemu-taint $${DESTDIR}$(BIN_PATH); fi
if [ -f afl-gcc-fast ]; then set e; install -m 755 afl-gcc-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-gcc-fast $${DESTDIR}$(BIN_PATH)/afl-g++-fast; install -m 755 afl-gcc-pass.so afl-gcc-rt.o $${DESTDIR}$(HELPER_PATH); fi if [ -f afl-gcc-fast ]; then set e; install -m 755 afl-gcc-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-gcc-fast $${DESTDIR}$(BIN_PATH)/afl-g++-fast; install -m 755 afl-gcc-pass.so afl-gcc-rt.o $${DESTDIR}$(HELPER_PATH); fi
if [ -f afl-clang-fast ]; then $(MAKE) -C llvm_mode install; fi if [ -f afl-clang-fast ]; then $(MAKE) -C llvm_mode install; fi
if [ -f libdislocator.so ]; then set -e; install -m 755 libdislocator.so $${DESTDIR}$(HELPER_PATH); fi if [ -f libdislocator.so ]; then set -e; install -m 755 libdislocator.so $${DESTDIR}$(HELPER_PATH); fi

1
include/envs.h
View File

@ -123,6 +123,7 @@ static char *afl_environment_variables[] = {
"AFL_SKIP_BIN_CHECK", "AFL_SKIP_BIN_CHECK",
"AFL_SKIP_CPUFREQ", "AFL_SKIP_CPUFREQ",
"AFL_SKIP_CRASHES", "AFL_SKIP_CRASHES",
"AFL_TAINT_INPUT",
"AFL_TMIN_EXACT", "AFL_TMIN_EXACT",
"AFL_TMPDIR", "AFL_TMPDIR",
"AFL_TOKEN_FILE", "AFL_TOKEN_FILE",

6
qemu_taint/README.md
View File

@ -1,9 +1,11 @@
# qemu_taint # qemu_taint
First level taint implementation with qemu for linux user mode First level taint implementation with qemu for linux user mode
**THIS IS NOT WORKING YET** **WIP** **THIS IS NOT WORKING YET** **WIP**
## What is this for ## What is this for
On new queue entries (newly discovered paths into the target) this tainter On new queue entries (newly discovered paths into the target) this tainter
is run with the new input and the data gathered which bytes in the input is run with the new input and the data gathered which bytes in the input
file are actually touched. file are actually touched.
@ -11,17 +13,21 @@ file are actually touched.
Only touched bytes are then fuzzed by afl-fuzz Only touched bytes are then fuzzed by afl-fuzz
## How to build ## How to build
./build_qemu_taint.sh ./build_qemu_taint.sh
## How to use ## How to use
Add the -T flag to afl-fuzz Add the -T flag to afl-fuzz
## Caveats ## Caveats
For some targets this is amazing and improves fuzzing a lot, but if a target For some targets this is amazing and improves fuzzing a lot, but if a target
copies all input bytes first (e.g. for creating a crc checksum or just to copies all input bytes first (e.g. for creating a crc checksum or just to
safely work with the data), then this is not helping at all. safely work with the data), then this is not helping at all.
## Future ## Future
Two fuzz modes for a queue entry which will be switched back and forth: Two fuzz modes for a queue entry which will be switched back and forth:
1. fuzz all touched bytes 1. fuzz all touched bytes

6
qemu_taint/build.sh → qemu_taint/build_qemu_taint.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
test -d qemu || git clone https://github.com/vanhauser-thc/qemu_taint qemu || exit 1 test -d qemu || git clone https://github.com/vanhauser-thc/qemu_taint qemu || exit 1
cd qemu || exit 1 cd qemu || exit 1
test -d .git || { git stash ; git pull ; } test -d .git && { git stash ; git pull ; }
cp -fv ../../include/config.h ../../include/types.h . cp -fv ../../include/config.h ../../include/types.h . || exit 1
./build.sh ./build.sh || exit 1
cp -fv ./afl-qemu-taint ../.. cp -fv ./afl-qemu-taint ../..

4
qemu_taint/clean.sh
View File

@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
rm -f afl-qemu-taint rm -f afl-qemu-taint qemu/afl-qemu-taint ../afl-qemu-taint
test -d qemu && rm -f qemu test -d qemu && { cd qemu ; ./clean.sh ; }