Romain Malmain fef6c8d1b1
Run qemu_systemmode tests with self-hosted runners (#2018)
* run qemu fuzzers (qemu_systemmode only for now) in self-hosted runners

* Remove qemu-related fuzzers to general fuzzers

* fix

* Install dependencies before anything else

* Do not use sudo

* Install sudo

* Revert "Install dependencies before anything else"

This reverts commit 107addad5d9f68dec5a9af50831112cd72c28f4d.

* added qemu specific prerequisites

* add -y flag

* Format with nightly

* Do not use nightly only.
Install fmt and clippy for stable as well.

* Install qemu-img for qemu

* fix qemu-img install

* apt update

* Changed timeout.

* Fix qemu_systemmode test

* fmt

* clippy + decorrelate build and run for qemu_systemmode.

* fix fuzzer

* clippy

* add sqlite3-dev to package prerequisites.

* add arm-none-eabi-gcc

* fix profile dir

* fix condition.

* Run less QEMU stuff faster

---------

Co-authored-by: Toka <tokazerkje@outlook.com>
2024-04-22 18:17:22 +02:00

Qemu systemmode with launcher

This folder contains an example fuzzer for the qemu systemmode, using LLMP for fast multi-process fuzzing and crash detection.

It comes in three flavours (can be set through features):

- classic: The low-level way to interact with QEMU.
- breakpoint: Interaction with QEMU using the command system, leveraging breakpoints.
- sync_exit: Interaction with QEMU using the command system, leveraging sync exits.

Prerequisite

You will need to have qemu-img and arm-none-eabi-gcc installed.

On Ubuntu and Debian, you will need to run

sudo apt update
sudo apt -y install qemu-utils gcc-arm-none-eabi

Build

cargo make build

Run

cargo make run

It is also possible to run the fuzzer with the other features:

cargo make <feature>

With feature being classic, breakpoint or sync_exit.

This will build the desired fuzzer (src/fuzzer_.rs) and a small example binary based on FreeRTOS, which can run under a QEMU emulation target. Since the instrumentation is based on snapshots, QEMU needs a virtual drive (even if it is unused...). Thus, the makefile creates a dummy QCOW2 image, dummy.qcow2 (found in the target directory). Currently, the KERNEL variable is needed because the fuzzer does not parse QEMU's arguments to find the binary; it is set automatically in the build script.
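As an added example (not part of the LibAFL repository or its makefile), the following POSIX shell wrapper performs the checks the README implies before invoking `cargo make`: it rejects flavour names other than the three listed above, verifies that qemu-img and arm-none-eabi-gcc are on PATH, and creates the dummy QCOW2 drive in the target directory if it is missing. The target directory path and the image size are assumptions.

```shell
#!/bin/sh
# Added example: wrapper around the README's `cargo make <feature>` step.
set -u

FEATURES="classic breakpoint sync_exit"            # flavours named in the README
TARGET_DIR="${CARGO_TARGET_DIR:-target}"          # assumption: cargo's default target dir
DUMMY_IMG="$TARGET_DIR/dummy.qcow2"                # README: dummy image lives in target/

# Return 0 if $1 is one of the three README flavours, 1 otherwise.
validate_feature() {
    for f in $FEATURES; do
        [ "$1" = "$f" ] && return 0
    done
    return 1
}

# Print each missing prerequisite tool on its own line; return 1 if any is missing.
missing_prereqs() {
    missing=0
    for tool in qemu-img arm-none-eabi-gcc; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            missing=1
        fi
    done
    return $missing
}

# Validate the flavour, check tools, ensure the dummy drive exists, then build and run.
run_fuzzer() {
    feature="${1:-classic}"
    if ! validate_feature "$feature"; then
        echo "unknown feature '$feature'; expected one of: $FEATURES" >&2
        return 2
    fi
    if ! missing=$(missing_prereqs); then
        echo "missing tools: $(echo "$missing" | tr '\n' ' ')" >&2
        echo "on Debian/Ubuntu: sudo apt update && sudo apt -y install qemu-utils gcc-arm-none-eabi" >&2
        return 3
    fi
    # QEMU wants a drive even though the snapshot-based fuzzer never uses it (README).
    # The makefile creates this as well; we only add it when it is absent.
    if [ ! -f "$DUMMY_IMG" ]; then
        mkdir -p "$TARGET_DIR"
        qemu-img create -f qcow2 "$DUMMY_IMG" 32M >/dev/null   # 32M is an assumption
    fi
    cargo make "$feature"
}

if [ "$#" -gt 0 ]; then
    run_fuzzer "$@"
fi
```

Invoke as `./run.sh sync_exit` (or any of the three flavours); with no argument the script only defines its functions.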