Andrea Fioraldi
2faf1d24c8
Hook syscalls in QemuBytesCoverageSugar ( #233 )
* add x64 syscalls numbers
* syscall hook
* update commit
* read guest mappings
* clippy
* read write hooks
* automerge fix
* type fix
* hooks syscalls in sugar
2021-07-21 12:29:46 +02:00
Andrea Fioraldi
db820d56a2
Qemu memory hooks ( #232 )
* add x64 syscalls numbers
* syscall hook
* update commit
* read guest mappings
* clippy
* read write hooks
* automerge fix
* type fix
2021-07-21 12:28:06 +02:00
Andrea Fioraldi
8e745f7d90
Remove useless fuzzbench_qemu build deps
2021-07-21 11:18:33 +02:00
Andrea Fioraldi
dfe39e2af7
libafl_sugar ( #215 )
* fuzzer mod
* libafl_sugar skeleton
* build libafl_sugar
* libfuzzer_stb_image_sugar
* Delete log
* qemu in libafl_sugar
* docker
* macos shit
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-07-20 11:47:33 +02:00
Andrea Fioraldi
5cd7339b1a
Qemu read memory mappings ( #228 )
* add x64 syscalls numbers
* syscall hook
* update commit
* read guest mappings
* clippy
2021-07-16 10:38:00 +02:00
Andrea Fioraldi
b09fa4e3f4
Qemu syscalls hook ( #226 )
* add x64 syscalls numbers
* syscall hook
* update commit
2021-07-15 11:12:10 +02:00
Andrea Fioraldi
42b7c6d7e7
Qemu CmpLog ( #223 )
* empty libafl_qemu crate
* fuzzbench qemu fuzzer skeleton
* emu.run() works without bp
* working emu loop
* resolve elf symbols
* running Qemu fuzzer without coverage
* qemu fuzzer with edge coverage
* merge into inprocess::GLOBAL_STATE
* create QemuExecutor and remove QemuEmulator
* qemu hooks and persist edges mapping storing them in State
* windows fix
* add libafl_qemu to workspace
* windows fix
* some clippy
* clippy
* fix fuzzbench_qemu
* fix fuzzbench_qemu makefile
* fuck you macos
* resolve PIC symbols
* cmp hooks
* cmplog hooks
* qemu cmplog
* clippy
2021-07-13 16:02:53 +02:00
Dominik Maier
712c5daeb9
Reload corpus size after restart (addresses #210 ) ( #220 )
* reload corpus size after restart (addresses #210 )
* no_std
2021-07-12 13:16:40 +02:00
Dominik Maier
a0ba0f0251
clippy
2021-07-12 10:30:41 +02:00
Toka
4dea81b2a2
MOpt Refactor & Bug fixes ( #218 )
* rename
* fmt
* post_exec
* post_exec
* bug fix & change type
* refactor
* clippy
* fix
* unnecessary trait
* mode in Mutator
* remove println
2021-07-10 16:32:10 +02:00
Dominik Maier
aad271abf4
Cache Rust in CI ( #217 )
* rust cache
* less warnings during docker build
* removed unused use
2021-07-10 14:42:10 +02:00
Dominik Maier
0121096e84
Fixes for no_std build ( #214 )
* builds on no_std
* fixed std build
* nightly fmt on CI
* nightly fmt on CI (again)
* fmt
* no_std build on unix
* more mem
* added no_std from #212 to gh workflow
* more ci, less nightly
* clippy
* more toolchains?
* docu
* y u no build
* more ci?
* next try
* fixed docker
* more dockerfile fixes
* ondisk corpus fixed
* panic:?
* ubuntu
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2021-07-09 20:07:56 +02:00
Andrea Fioraldi
badf3f0e6e
Resolve symbols in PIC binaries in libafl_qemu ( #216 )
* empty libafl_qemu crate
* fuzzbench qemu fuzzer skeleton
* emu.run() works without bp
* working emu loop
* resolve elf symbols
* running Qemu fuzzer without coverage
* qemu fuzzer with edge coverage
* merge into inprocess::GLOBAL_STATE
* create QemuExecutor and remove QemuEmulator
* qemu hooks and persist edges mapping storing them in State
* windows fix
* add libafl_qemu to workspace
* windows fix
* some clippy
* clippy
* fix fuzzbench_qemu
* fix fuzzbench_qemu makefile
* fuck you macos
* resolve PIC symbols
2021-07-09 15:17:57 +02:00
Andrea Fioraldi
d472a1242a
libafl_qemu ( #211 )
* empty libafl_qemu crate
* fuzzbench qemu fuzzer skeleton
* emu.run() works without bp
* working emu loop
* resolve elf symbols
* running Qemu fuzzer without coverage
* qemu fuzzer with edge coverage
* merge into inprocess::GLOBAL_STATE
* create QemuExecutor and remove QemuEmulator
* qemu hooks and persist edges mapping storing them in State
* windows fix
* add libafl_qemu to workspace
* windows fix
* some clippy
* clippy
* fix fuzzbench_qemu
* fix fuzzbench_qemu makefile
* fuck you macos
2021-07-08 15:21:14 +02:00
Andrea Fioraldi
a1fc2a5453
Bump to 0.5.0
2021-07-05 14:12:40 +02:00
Toka
849ff1fa04
MOpt scheduler ( #161 )
* add the struct for MOpt globals
* constants
* RAND_C
* more comments & reorder class members
* select_algorithm
* no_std fixes
* clippy fixes
* MOptMutator
* MutatorsTuple has HasLen
* MOptStage
* pso_update
* HasMOpt trait
* ScheduledMutator, core_fuzzing
* clippy fix
* fmt
* core_fuzzing
* core_fuzzing done
* fix
* pilot_mutate
* pilot_fuzzing
* pilot_fuzzing done
* MOpt metadata
* Make MOptMutator into a trait
* initialize_mopt
* No getter/setters
* fmt
* fixed compiler warnings & clippy warnings
* Comments
* fix type parameter, integrate into libpng
* fmt
* fmt
* No HasMOpt
* fmt
* improve
* pso_initialize, various fixes
* clippy
* fmt
* always pacemaker mode
* fmt
* fix
* less noisy fmt::Debug
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2021-07-05 13:54:15 +02:00
Toka
fbeec3ca6c
Faster feedback ( #206 )
* faster_feedback
* typo
* feedback_or
* comma
* crash dedup can use the fast one
2021-07-05 13:51:18 +02:00
Toka
c01f1e3318
launcher example needs --cores ( #203 )
2021-07-02 16:52:27 +02:00
Toka
b3c52a4ad6
Test fuzzers ( #187 )
* build_all_fuzzers.sh
* run.sh
* output log
* ENABLE_SHARED off
* libc6-dev
* echo
* no need to cargo build twice
* replaced realpath (not available on macos) with /Users/domenukk/tmp/libaflrs/fuzzers/libfuzzer_libpng_launcher
* replaced PWD with pwd
* trying to get llvm-config working
* more sudo?
* slash
* trying to get all deps
* more info
* delete apt install from build_all_fuzzers.sh
* correct libfuzzer_libpng makefile
* fix build for libfuzzer_libpng
* fix other makefiles
* nproc not supported on macos
* no run.sh, use make short_test
* enable_shared=false
* just Linux
* fix
* forkserver makefile
* fix
* stb_image Makefile
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2021-07-02 15:35:41 +02:00
Andrea Fioraldi
44f6e4c389
Improve introspection ( #200 )
* remove NUM_FEEDBACKS
* working introspection
* adjust introspection stats
* bugfixes, clippy
* removed outdated define
* more clippy;
* no_std
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-07-02 10:58:36 +02:00
Dominik Maier
716af8920b
clippy fixes
2021-06-29 12:30:49 +02:00
Dominik Maier
e479b4fa24
macos fixes
2021-06-28 16:18:17 +02:00
Andrea Fioraldi
8056cbe5cb
Weak main to link non-fuzzing targets
2021-06-28 11:41:04 +02:00
Andrea Fioraldi
5b54f0f068
Llvm passes ( #185 )
* enable llvm passes in libafl_cc
* cmplog rtn pass in fuzzbench fuzzer
* improve libafl_cc
* silence fuzzbench compiler wrapper
* instrumentation and runtime for rtn cmplog
* fix test
* fix test
* fuck clippy
* remove anon union in CmpLogMap
* windows.h
* remove libafl_targets_cmplog_wrapper
* no inline linking
* adapt fuzzers/
2021-06-23 09:38:15 +02:00
Andrea Fioraldi
bdb5efbf5b
Configurations ( #162 )
* print sender id
* storing sender id to env
* executor in llmp handle_in_client
* compile the lib
* compiling generic_inmemory
* fix forkserver
* adapt from fuzzers
* introspection fix
* exitkind in NewTestcase
* fix libafl_frida
* fix frida_libpng
* send conf with NewTestcase event
* bump to 0.4.0
* no_std fix
* fmt
* fix libfuzzer_libmozjpeg
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-06-22 15:04:14 +02:00
Dominik Maier
5c5a1cf2e9
fixed fuzzbench early exits ( #182 )
2021-06-22 09:02:56 +02:00
Andrea Fioraldi
57d6df7951
Last and great fmt for fuzzbench
2021-06-21 17:56:09 +02:00
Andrea Fioraldi
abed61cc49
Propagate exit code in the compiler wrapper
2021-06-21 17:38:36 +02:00
Andrea Fioraldi
76892fddc6
Silence fuzzbench compiler
2021-06-21 17:15:09 +02:00
Andrea Fioraldi
ea40c21533
Fix args in fuzzers/fuzzbench
2021-06-21 14:17:35 +02:00
Dominik Maier
8db453001f
fixed fuzzbench some more
2021-06-16 23:41:08 +02:00
Dominik Maier
0af9c0c862
Fuzzbench fuzzer fix ( #179 )
2021-06-16 23:29:51 +02:00
Andrea Fioraldi
21508ee571
Remove useless trace-cmp
2021-06-16 19:02:39 +02:00
Dominik Maier
dea21da5c3
fuzzbench harness ( #165 )
* starting to build fuzzbench harness
* fuzzbench updated
* fuzzbench example readme
* removed dummy files
* Initial de-luxe dockerfile added
* added to dockerignore
* more fuzzbench
* dockerfile
* final dockerfile fun
* fuzzing fixes, switched rand, build fixes
* fmt
* added dummy fuzzone
* silence wrapper output
* clippy
* logfile fixes
* adopt changes to libafl-cc
* various fixes
2021-06-16 18:24:07 +02:00
Andrea Fioraldi
1faadec106
Move win32 libs in libafl_cc and improve static lib linking ( #176 )
* Move win32 libs in libafl_cc and improve static lib linking
* fmt
2021-06-16 14:21:13 +02:00
Andrea Fioraldi
2b0976132a
Generic Inmemory Fuzzer ( #166 )
* generic inmemory fuzzer
* Link whole archive
* fmt
2021-06-14 10:26:10 +02:00
Dominik Maier
c4dd0b25b8
fmt, clippy fixes
2021-06-10 13:39:44 +02:00
s1341
bea557a48a
Switch frida_libpng to ShadowExecutor when using cmplog
2021-06-10 12:30:57 +03:00
Andrea Fioraldi
308e9c7fe9
adapt fuzzers/libfuzzer_stb_image to use ShadowTracingStage for CmpLog
2021-06-09 14:38:45 +02:00
OB
7abd7c8162
Cmplog instrumentation for Frida ( #99 )
...
* libafl_targets: refactor sancov trace-pc
* cmp observer
* libafl_targets: new structure to isolate sancov
* fix C warning
* combined executor
* cmp observer and feedback
* I2SRandReplace mutator
* impl CmpMap for CmpLogMap in libafl_targets
* cmplog observer
* clippy
* TracingStage
* working random cmplog mutations
* enable cmplog for libfuzzer_stb_image
* re-enable new testcase stats print
* fix update stats display
* bump 0.3.1
* clippy
* clippy
* no clippy for fuzzers/
* fix
* add cmplog runtime instrumentation
* test cmplog against value profile feature
* fix compile error
* add target arch aarch64 for is_interesting_cmplog_instruction
* add cfg target aarch64 on cmplog related code within stalker loop
* revert changes in cargo.toml
* align code with 'main' branch
* revert accidentally changed Cargo.toml file
* update cmplog runtime code to work with the cmplog backend implementation
* change magic to 8 bytes
* cmplog runs with observer- no crashes
* clippy fixes
* add cmplog_runtime as feature
* set cmplog command-line argument to false by default
* setup cmplog observer and mutator correctly
* decrease emitted code opcode count
* add cmplog testing to the harness
* get rid of irrelevant changes and unused code, add comments, change feature name to "cmplog"
* get rid of some unnecessary whitespaces and new lines
* fix clippy errors
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Omree <you@example.com>
2021-06-09 14:11:43 +02:00
s1341
4271790cb5
Add unique_name() to Input. Use it to generate filename in OnDiskCorpus ( #152 )
* Add unique_name() to Input. Use unique_name to generate filename in OnDiskCorpus
* updated duplicate ahash
* nostd fixes
* fmt
* rename unique_name to generate_name
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-06-08 09:54:38 +02:00
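As an added illustration of the content-derived naming idea behind this commit, and not LibAFL's own code: the `Input` trait, `BytesInput`, `OnDiskCorpus` and the FNV-1a hash below are hypothetical stand-ins (the commit bullets say the real implementation used ahash). The point it shows is that naming a stored testcase after a stable hash of its bytes makes re-adding an identical input map to the same file instead of creating a duplicate, so the corpus stays deduplicated across restarts and across fuzzer instances that share a directory.

```rust
use std::collections::HashMap;
use std::path::{Path, PathBuf};

/// 64-bit FNV-1a over the raw input bytes. Picked here only because it is
/// small and deterministic (hypothetical stand-in; the commit used ahash).
pub fn fnv1a_64(data: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in data {
        h ^= u64::from(b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h
}

/// Hypothetical Input trait: anything the fuzzer can serialise to bytes gets
/// a stable, content-derived name. Same bytes => same name, on every host.
pub trait Input {
    fn bytes(&self) -> &[u8];

    fn generate_name(&self) -> String {
        format!("{:016x}", fnv1a_64(self.bytes()))
    }
}

/// Hypothetical raw-bytes input.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct BytesInput(pub Vec<u8>);

impl Input for BytesInput {
    fn bytes(&self) -> &[u8] {
        &self.0
    }
}

/// Toy on-disk corpus. The "disk" is an in-memory map so the example runs
/// offline; swap it for std::fs writes to persist testcases for real.
pub struct OnDiskCorpus {
    dir: PathBuf,
    files: HashMap<PathBuf, Vec<u8>>,
}

impl OnDiskCorpus {
    pub fn new(dir: impl AsRef<Path>) -> Self {
        Self { dir: dir.as_ref().to_path_buf(), files: HashMap::new() }
    }

    /// Stores `input` under `<dir>/<generate_name()>`. Returns the path and
    /// whether a new file was created; an identical input is a no-op, which
    /// is the dedup property the content-derived name buys you.
    pub fn add<I: Input>(&mut self, input: &I) -> (PathBuf, bool) {
        let path = self.dir.join(input.generate_name());
        if self.files.contains_key(&path) {
            return (path, false);
        }
        self.files.insert(path.clone(), input.bytes().to_vec());
        (path, true)
    }

    pub fn len(&self) -> usize {
        self.files.len()
    }

    pub fn is_empty(&self) -> bool {
        self.files.is_empty()
    }
}

fn main() {
    let mut corpus = OnDiskCorpus::new("/tmp/corpus");
    let (path, fresh) = corpus.add(&BytesInput(b"a".to_vec()));
    println!("{} new={}", path.display(), fresh);
    let (_, fresh_again) = corpus.add(&BytesInput(b"a".to_vec()));
    println!("re-added identical input: new={}", fresh_again);
}
```

The check a practitioner wants here is that the name depends only on the content, never on wall-clock time, PID or the order in which inputs arrived; otherwise two fuzzer instances writing into the same corpus directory will happily store the same bytes twice.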
Dominik Maier
36b823548a
nightly clippy fixes ( #155 )
* nightly clippy fixes
* more nightly clippy fixes
* added Safety section
* no_std fixes
* final fixes
2021-06-07 12:30:56 +02:00
Dominik Maier
3b2ee4bb70
Added MacOS CI ( #131 )
* added macos ci
* running tests on macos
* some macos fixes
* fmt
* some must_use infos
* trying to fix MacOS testcases
* no main in test
* fixed MacOS testcases
* tried to fix build errors
* unified shmem_limits
* Revert "unified shmem_limits"
This reverts commit 8c6bb8d6a2cec71d72bb181b5b491737a771298e.
* hopefully fixed macos testcase
* removed unneeded values
2021-06-07 01:24:41 +02:00
s1341
636194de0e
Frida switch from walk-proc-maps to frida-gum based extraction of ranges ( #149 )
* Bump frida-gum version
* Move from walk of /proc/pid/maps to frida based range/module location
2021-06-06 10:40:07 +02:00
Toka
e4b3cc542a
Forkserver_simple uses TimeoutForkserverExecutor ( #139 )
* forkserver_simple uses TimeoutForkserverExecutor
* fmt
* from_millis
2021-05-31 15:44:56 +02:00
s1341
83bef6e85a
Fix frida bugs ( #132 )
* Get rid of extra deactivate
* Fix realloc, posix_memalign/memalign bugs
* Fix cfg attributes; Add instrumented ranges and translated PC to func errors
* Formatting
* Make hook_functions aarch64 only for now.
2021-05-27 11:17:42 +02:00
Dominik Maier
945693f6ed
fixed example testcase
2021-05-26 16:50:10 +02:00
Andrea Fioraldi
a0804fd24d
Decouple llmp broker from manager ( #125 )
* decouple broker from manager
* fix no_std
* fix win build
2021-05-25 18:00:27 +02:00
Andrea Fioraldi
46716e8090
Remove executor hooks ( #124 )
* remove HasExecHooks from Executor
* adapt the frida executor
* adapt frida and avoid recursive type inference
* fix win build
2021-05-25 15:19:10 +02:00
Dominik Maier
7493b59ba8
bringing back light clippy for fuzzers :)
2021-05-25 14:53:57 +02:00