ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-11 17:51:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

sprinkle nyx links in the docs

Browse Source
This commit is contained in:
vanhauser-thc 2021-12-29 11:55:16 +01:00
parent 1a25ccb618
commit dbc62dbe56
4 changed files with 27 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Changelog.md
View File

@ -14,6 +14,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
e.g. "unique crashes" -> "saved crashes", "total paths" -> e.g. "unique crashes" -> "saved crashes", "total paths" ->
"corpus count", "current path" -> "current item". "corpus count", "current path" -> "current item".
This might need changing custom scripting! This might need changing custom scripting!
- Nyx mode (full system emulation with snapshot capability) has been
added - thanks to @schumilo and @eqv!
- new binary-only fuzzing mode: coresight_mode for aarch64 CPUs :) - new binary-only fuzzing mode: coresight_mode for aarch64 CPUs :)
thanks to RICSecLab submitting! thanks to RICSecLab submitting!
- if instrumented libaries are dlopen()'ed after the forkserver you - if instrumented libaries are dlopen()'ed after the forkserver you

29
docs/features.md
View File

@ -4,20 +4,20 @@ AFL++ supports llvm from 3.8 up to version 12, very fast binary fuzzing with
QEMU 5.1 with laf-intel and redqueen, FRIDA mode, unicorn mode, gcc plugin, full QEMU 5.1 with laf-intel and redqueen, FRIDA mode, unicorn mode, gcc plugin, full
*BSD, Mac OS, Solaris and Android support and much, much, much more. *BSD, Mac OS, Solaris and Android support and much, much, much more.
| Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | FRIDA mode(9) | QEMU mode(10) |unicorn_mode(10) |coresight_mode(11)| | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | FRIDA mode(9) | QEMU mode(10) |unicorn_mode(10) |nyx_mode(12)|coresight_mode(11)|
| -------------------------|:-------:|:---------:|:----------:|:----------------:|:----------------:|:----------------:|:----------------:| | -------------------------|:-------:|:---------:|:----------:|:----------------:|:----------------:|:----------------:|:----------:|:----------------:|
| Threadsafe counters | | x(3) | | | | | | | Threadsafe counters | | x(3) | | | | | x | |
| NeverZero | x86[_64]| x(1) | x | x | x | x | | | NeverZero | x86[_64]| x(1) | x | x | x | x | | |
| Persistent Mode | | x | x | x86[_64]/arm64 | x86[_64]/arm[64] | x | | | Persistent Mode | | x | x | x86[_64]/arm64 | x86[_64]/arm[64] | x | | |
| LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm[64] | | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm[64] | x86[_64] | |
| CmpLog | | x | | x86[_64]/arm64 | x86[_64]/arm[64] | | | | CmpLog | | x | | x86[_64]/arm64 | x86[_64]/arm[64] | | | |
| Selective Instrumentation| | x | x | x | x | | | | Selective Instrumentation| | x | x | x | x | | | |
| Non-Colliding Coverage | | x(4) | | | (x)(5) | | | | Non-Colliding Coverage | | x(4) | | | (x)(5) | | | |
| Ngram prev_loc Coverage | | x(6) | | | | | | | Ngram prev_loc Coverage | | x(6) | | | | | | |
| Context Coverage | | x(6) | | | | | | | Context Coverage | | x(6) | | | | | | |
| Auto Dictionary | | x(7) | | | | | | | Auto Dictionary | | x(7) | | | | | | |
| Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | | | Snapshot Support | | (x)(8) | (x)(8) | | (x)(5) | | x | |
| Shared Memory Test cases | | x | x | x86[_64]/arm64 | x | x | | | Shared Memory Test cases | | x | x | x86[_64]/arm64 | x | x | x | |
1. default for LLVM >= 9.0, environment variable for older version due an 1. default for LLVM >= 9.0, environment variable for older version due an
efficiency bug in previous llvm versions efficiency bug in previous llvm versions
@ -34,6 +34,7 @@ QEMU 5.1 with laf-intel and redqueen, FRIDA mode, unicorn mode, gcc plugin, full
10. QEMU/Unicorn is only supported on Linux 10. QEMU/Unicorn is only supported on Linux
11. Coresight mode is only available on AARCH64 Linux with a CPU with Coresight 11. Coresight mode is only available on AARCH64 Linux with a CPU with Coresight
extension extension
12. Nyx mode is only supported on Linux and currently restricted to x86_x64
Among others, the following features and patches have been integrated: Among others, the following features and patches have been integrated:

10
docs/fuzzing_binary-only_targets.md
View File

@ -125,6 +125,16 @@ to check out our sister project libafl which supports Frida, too:
[https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL). [https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL).
Working examples already exist :-) Working examples already exist :-)
### Nyx mode
Nyx is a full system emulation fuzzing environment with snapshot support that
is built upon KVM and QEMU.
It is only available on Linux and currently restricted to x86_x64.
For binary-only fuzzing a special 5.10 kernel is required.
See [nyx_mode/README.md](../nyx_mode/README.md)
### Unicorn ### Unicorn
Unicorn is a fork of QEMU. The instrumentation is, therefore, very similar. In Unicorn is a fork of QEMU. The instrumentation is, therefore, very similar. In

4
docs/important_changes.md
View File

@ -5,10 +5,6 @@ changes.
## From version 3.00 onwards ## From version 3.00 onwards
With AFL++ 3.13-3.20, we introduce FRIDA mode (`-O`) to have an alternative for
binary-only fuzzing. It is a bit faster than QEMU mode and works on MacOS,
Android, iOS etc.
With AFL++ 4.00, we introduced the following changes from previous behaviors: With AFL++ 4.00, we introduced the following changes from previous behaviors:
* the complete documenation was overhauled and restructured thanks to @llzmb! * the complete documenation was overhauled and restructured thanks to @llzmb!
* a new CMPLOG target format requires recompiling CMPLOG targets for use * a new CMPLOG target format requires recompiling CMPLOG targets for use