
actually fuzzing inputs? #1

Open
jbachell opened this issue Jun 20, 2019 · 4 comments

Comments

@jbachell

Hi! I've currently been looking at your code and you don't take in any inputs.

Does your original code work for fuzzing?

I have modified the code (sort of) to work with ARM and also tried to actually fuzz inputs (adding an input directory to the command line). It doesn't seem to work. I'm not sure if this is an issue with the additions I've made, or if it's an issue with adding it to afl-unicorn. I don't fully understand the use of a loop at the end of the unicorn_loader.cpp. What did your original tests actually do?

Note: The C++ version of this compared to python is significantly faster, maybe about 8 times faster (if I can get it working)

@kirasys
Owner

kirasys commented Aug 29, 2019

Sorry for the late reply. "unicorn_loader.cpp" is a harness file for fuzzing, and the "tests" folder just takes a binary for testing. I don't think you understand afl-unicorn completely. Please check this post. (afl-unicorn: Fuzzing Arbitrary Binary Code)

ps. I've updated the project. If any problem is found, please let me know

@jbachell
Author

I should be sending you a pull request! I updated the harness to how I was using it, as well as ARM support. "Dumb fuzzing" works, but the path finding does not work with AFL. AFL cannot distinguish unique errors with this unicorn fuzzer, but with python it can. Do you know why?

@kirasys
Owner

kirasys commented Aug 30, 2019

Thanks for your PR!! I'll reflect your code in the project soon. Anyway, can you tell me what kind of unique errors it doesn't find? Such as heap corruption or stack overflow. Do you mean the unicorn loader which was built from my project doesn't emit a crash even though an edge case is given?

@jbachell
Author

No, I mean to tell you that the pathfinding is broken. For the python fuzzer, the program can detect where it is in the program and find ways to fully explore the program to get full coverage. I believe that I have the test I was using in my arm branch which was forked from yours. I'm not currently working on the project, but I don't mind picking it back up for a little. It shouldn't take that long to just look through my test and new loader and see what it does ... My goal was for it to be the exact same usage as the original AFL Unicorn, just in C++, including the same command line usage.
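The disagreement above is about "path finding", i.e. whether AFL sees different coverage for different inputs. The following C++ model, added here as an illustration and not code from this project or from afl-unicorn, shows the mechanism AFL relies on: each executed basic block is hashed into a shared bitmap, each edge (previous block, current block) bumps one bitmap entry, and a test case is only kept when it touches an entry never seen before. A harness whose coverage bitmap looks identical for every input (for example because the emulated code never reads the input, or because the block hook is not feeding the bitmap) can never trigger that check, which is exactly the symptom described in this thread. The block-address hashing (`(pc >> 4) ^ (pc << 8)` masked to the map size), the 64 KiB map size and the traces are assumptions made for this example; afl-unicorn's real hook, hit-count bucketing and the `virgin_bits` bookkeeping in AFL are more involved.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

// Size of AFL's shared coverage bitmap (MAP_SIZE is 1 << 16 in AFL).
constexpr std::size_t kMapSize = 1 << 16;
using CoverageMap = std::array<std::uint8_t, kMapSize>;

// Hash a basic-block start address into a bitmap index.
// Assumption: modelled on the scheme AFL's QEMU/Unicorn modes use for code
// that was not compile-time instrumented; the exact mixing may differ.
inline std::uint32_t block_index(std::uint64_t pc) {
    return static_cast<std::uint32_t>(((pc >> 4) ^ (pc << 8)) & (kMapSize - 1));
}

// Replay a trace of executed basic-block addresses into a fresh bitmap the
// way an AFL block hook does at run time: the edge prev -> cur bumps the
// counter at index cur ^ (prev >> 1), so the same blocks reached in a
// different order produce different entries.
CoverageMap trace_to_map(const std::vector<std::uint64_t>& blocks) {
    CoverageMap map{};
    std::uint32_t prev_loc = 0;
    for (std::uint64_t pc : blocks) {
        std::uint32_t cur_loc = block_index(pc);
        map[cur_loc ^ prev_loc]++;
        prev_loc = cur_loc >> 1;
    }
    return map;
}

// Number of bitmap entries that became non-zero: a rough "edges hit" metric.
std::size_t edges_hit(const CoverageMap& map) {
    std::size_t n = 0;
    for (std::uint8_t b : map) {
        if (b) ++n;
    }
    return n;
}

// Simplified version of AFL's has_new_bits(): merge this run's bitmap into
// `virgin` (the union of everything seen so far) and report whether any entry
// was hit for the first time. This is the decision that drives path finding;
// an input that adds nothing new is discarded.
bool has_new_bits(const CoverageMap& trace, CoverageMap& virgin) {
    bool found = false;
    for (std::size_t i = 0; i < kMapSize; ++i) {
        if (trace[i] && !virgin[i]) {
            virgin[i] = 1;
            found = true;
        }
    }
    return found;
}

// Constructed traces, not taken from any real binary: A and B share a prefix
// and diverge at one branch; C repeats A exactly. Returns how many of the
// three inputs AFL's logic would keep in the queue.
std::size_t demo_kept_inputs() {
    const std::vector<std::vector<std::uint64_t>> traces = {
        {0x1000, 0x1010, 0x1030},  // A: first input, everything is new
        {0x1000, 0x1010, 0x1020},  // B: different branch target -> new edge
        {0x1000, 0x1010, 0x1030},  // C: identical to A -> nothing new
    };
    CoverageMap virgin{};
    std::size_t kept = 0;
    for (const auto& t : traces) {
        CoverageMap m = trace_to_map(t);
        if (has_new_bits(m, virgin)) ++kept;
    }
    return kept;  // 2
}

int main() {
    return demo_kept_inputs() == 2 ? 0 : 1;
}
```

When debugging a harness like the one in this thread, the useful check is the same one the model makes: run two inputs that should take different branches and confirm the bitmap differs between them. If every input yields the same bitmap, the input is not reaching the emulated code or the coverage hook is not running, and AFL will report a single path no matter how many test cases it tries.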
