From bca358edec5d27814ebab53780002bfc9dea28fd Mon Sep 17 00:00:00 2001 
From: Remco <remco@dutchcoders.io>
Date: Tue, 24 May 2016 18:18:01 +0200
Subject: [PATCH] afl fuzzer setup

---
 afl/dict/add | 1 +
 afl/dict/inc | 1 +
 afl/dict/int | 1 +
 afl/dict/mov | 1 +
 afl/dict/movzx | 1 +
 afl/dict/nop | 1 +
 afl/tests/instr-1 | 1 +
 afl/tests/instr-10 | 1 +
 afl/tests/instr-11 | 1 +
 afl/tests/instr-12 | 1 +
 afl/tests/instr-13 | 1 +
 afl/tests/instr-14 | 1 +
 afl/tests/instr-15 | 1 +
 afl/tests/instr-16 | 1 +
 afl/tests/instr-17 | 1 +
 afl/tests/instr-18 | 1 +
 afl/tests/instr-19 | 1 +
 afl/tests/instr-2 | 1 +
 afl/tests/instr-20 | 1 +
 afl/tests/instr-21 | 1 +
 afl/tests/instr-22 | 1 +
 afl/tests/instr-23 | 1 +
 afl/tests/instr-24 | 1 +
 afl/tests/instr-3 | 1 +
 afl/tests/instr-4 | 1 +
 afl/tests/instr-5 | 1 +
 afl/tests/instr-6 | 1 +
 afl/tests/instr-7 | 1 +
 afl/tests/instr-8 | 1 +
 afl/tests/instr-9 | 1 +
 fuzz.sh | 8 ++++++++
 make-afl.sh | 5 +++++
 32 files changed, 43 insertions(+)
 create mode 100644 afl/dict/add
 create mode 100644 afl/dict/inc
 create mode 100644 afl/dict/int
 create mode 100644 afl/dict/mov
 create mode 100644 afl/dict/movzx
 create mode 100644 afl/dict/nop
 create mode 100644 afl/tests/instr-1
 create mode 100644 afl/tests/instr-10
 create mode 100644 afl/tests/instr-11
 create mode 100644 afl/tests/instr-12
 create mode 100644 afl/tests/instr-13
 create mode 100644 afl/tests/instr-14
 create mode 100644 afl/tests/instr-15
 create mode 100644 afl/tests/instr-16
 create mode 100644 afl/tests/instr-17
 create mode 100644 afl/tests/instr-18
 create mode 100644 afl/tests/instr-19
 create mode 100644 afl/tests/instr-2
 create mode 100644 afl/tests/instr-20
 create mode 100644 afl/tests/instr-21
 create mode 100644 afl/tests/instr-22
 create mode 100644 afl/tests/instr-23
 create mode 100644 afl/tests/instr-24
 create mode 100644 afl/tests/instr-3
 create mode 100644 afl/tests/instr-4
 create mode 100644 afl/tests/instr-5
 create mode 100644 afl/tests/instr-6
 create mode 100644 afl/tests/instr-7
 create mode 100644 afl/tests/instr-8
 create mode 100644 afl/tests/instr-9
 create mode 100755 fuzz.sh
 create mode 100755 make-afl.sh

diff --git a/afl/dict/add b/afl/dict/add
new file mode 100644
index 0000000..f5f1d7b
--- /dev/null
+++ b/afl/dict/add
@@ -0,0 +1 @@
+add (1), (2)
diff --git a/afl/dict/inc b/afl/dict/inc
new file mode 100644
index 0000000..8d7dd87
--- /dev/null
+++ b/afl/dict/inc
@@ -0,0 +1 @@
+inc (1), (2)
diff --git a/afl/dict/int b/afl/dict/int
new file mode 100644
index 0000000..dc46b0b
--- /dev/null
+++ b/afl/dict/int
@@ -0,0 +1 @@
+int (1)h
diff --git a/afl/dict/mov b/afl/dict/mov
new file mode 100644
index 0000000..b922058
--- /dev/null
+++ b/afl/dict/mov
@@ -0,0 +1 @@
+mov (1), (2)
diff --git a/afl/dict/movzx b/afl/dict/movzx
new file mode 100644
index 0000000..8d2d4da
--- /dev/null
+++ b/afl/dict/movzx
@@ -0,0 +1 @@
+movzx (1), (2)
diff --git a/afl/dict/nop b/afl/dict/nop
new file mode 100644
index 0000000..c27745a
--- /dev/null
+++ b/afl/dict/nop
@@ -0,0 +1 @@
+nop
diff --git a/afl/tests/instr-1 b/afl/tests/instr-1
new file mode 100644
index 0000000..4222a3b
--- /dev/null
+++ b/afl/tests/instr-1
@@ -0,0 +1 @@
+add rsp,0x438
diff --git a/afl/tests/instr-10 b/afl/tests/instr-10
new file mode 100644
index 0000000..7f2d4b8
--- /dev/null
+++ b/afl/tests/instr-10
@@ -0,0 +1 @@
+lea rsp,[rsp-0x98]
diff --git a/afl/tests/instr-11 b/afl/tests/instr-11
new file mode 100644
index 0000000..9a0c23f
--- /dev/null
+++ b/afl/tests/instr-11
@@ -0,0 +1 @@
+mov QWORD PTR [rsp+0x8],rcx
diff --git a/afl/tests/instr-12 b/afl/tests/instr-12
new file mode 100644
index 0000000..f78c106
--- /dev/null
+++ b/afl/tests/instr-12
@@ -0,0 +1 @@
+mov eax,0x4
diff --git a/afl/tests/instr-13 b/afl/tests/instr-13
new file mode 100644
index 0000000..db4b6f4
--- /dev/null
+++ b/afl/tests/instr-13
@@ -0,0 +1 @@
+mov ecx,eax
diff --git a/afl/tests/instr-14 b/afl/tests/instr-14
new file mode 100644
index 0000000..60e63ae
--- /dev/null
+++ b/afl/tests/instr-14
@@ -0,0 +1 @@
+mov r13,QWORD PTR [r14+0x10]
diff --git a/afl/tests/instr-15 b/afl/tests/instr-15
new file mode 100644
index 0000000..512119d
--- /dev/null
+++ b/afl/tests/instr-15
@@ -0,0 +1 @@
+mov ecx, 0x17e9
diff --git a/afl/tests/instr-16 b/afl/tests/instr-16
new file mode 100644
index 0000000..c27745a
--- /dev/null
+++ b/afl/tests/instr-16
@@ -0,0 +1 @@
+nop
diff --git a/afl/tests/instr-17 b/afl/tests/instr-17
new file mode 100644
index 0000000..660173d
--- /dev/null
+++ b/afl/tests/instr-17
@@ -0,0 +1 @@
+or edx,0x4
diff --git a/afl/tests/instr-18 b/afl/tests/instr-18
new file mode 100644
index 0000000..5a699ee
--- /dev/null
+++ b/afl/tests/instr-18
@@ -0,0 +1 @@
+pop r12
diff --git a/afl/tests/instr-19 b/afl/tests/instr-19
new file mode 100644
index 0000000..ce273d2
--- /dev/null
+++ b/afl/tests/instr-19
@@ -0,0 +1 @@
+push r12
diff --git a/afl/tests/instr-2 b/afl/tests/instr-2
new file mode 100644
index 0000000..284dc75
--- /dev/null
+++ b/afl/tests/instr-2
@@ -0,0 +1 @@
+call 100002ce0 <_usage>
diff --git a/afl/tests/instr-20 b/afl/tests/instr-20
new file mode 100644
index 0000000..4c75d7d
--- /dev/null
+++ b/afl/tests/instr-20
@@ -0,0 +1 @@
+ret
diff --git a/afl/tests/instr-21 b/afl/tests/instr-21
new file mode 100644
index 0000000..d1b0830
--- /dev/null
+++ b/afl/tests/instr-21
@@ -0,0 +1 @@
+sub rsp,0x438
diff --git a/afl/tests/instr-22 b/afl/tests/instr-22
new file mode 100644
index 0000000..d90ae2d
--- /dev/null
+++ b/afl/tests/instr-22
@@ -0,0 +1 @@
+test eax,eax
diff --git a/afl/tests/instr-23 b/afl/tests/instr-23
new file mode 100644
index 0000000..f003afd
--- /dev/null
+++ b/afl/tests/instr-23
@@ -0,0 +1 @@
+xchg ax,ax
diff --git a/afl/tests/instr-24 b/afl/tests/instr-24
new file mode 100644
index 0000000..c29e7ec
--- /dev/null
+++ b/afl/tests/instr-24
@@ -0,0 +1 @@
+xor r13d,r13d
diff --git a/afl/tests/instr-3 b/afl/tests/instr-3
new file mode 100644
index 0000000..9c9f788
--- /dev/null
+++ b/afl/tests/instr-3
@@ -0,0 +1 @@
+cmove edx,eax
diff --git a/afl/tests/instr-4 b/afl/tests/instr-4
new file mode 100644
index 0000000..7701fa0
--- /dev/null
+++ b/afl/tests/instr-4
@@ -0,0 +1 @@
+cmp QWORD PTR [rbp-0x450],0x0
diff --git a/afl/tests/instr-5 b/afl/tests/instr-5
new file mode 100644
index 0000000..3a4ade0
--- /dev/null
+++ b/afl/tests/instr-5
@@ -0,0 +1 @@
+cmp eax,0xffffffff
diff --git a/afl/tests/instr-6 b/afl/tests/instr-6
new file mode 100644
index 0000000..4c4572f
--- /dev/null
+++ b/afl/tests/instr-6
@@ -0,0 +1 @@
+inc rbx
diff --git a/afl/tests/instr-7 b/afl/tests/instr-7
new file mode 100644
index 0000000..53ab3d0
--- /dev/null
+++ b/afl/tests/instr-7
@@ -0,0 +1 @@
+je 100002b58 <_main+0x1a58>
diff --git a/afl/tests/instr-8 b/afl/tests/instr-8
new file mode 100644
index 0000000..721071b
--- /dev/null
+++ b/afl/tests/instr-8
@@ -0,0 +1 @@
+jne 100002c9a <_main+0x1b9a>
diff --git a/afl/tests/instr-9 b/afl/tests/instr-9
new file mode 100644
index 0000000..ac47d4c
--- /dev/null
+++ b/afl/tests/instr-9
@@ -0,0 +1 @@
+lea r12,[rbp-0x430]
diff --git a/fuzz.sh b/fuzz.sh
new file mode 100755
index 0000000..e4db662
--- /dev/null
+++ b/fuzz.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+pushd .
+cd build && ../make-afl.sh
+popd
+pushd .
+cd ./afl
+afl-fuzz -i ./tests -o ./findings -x ./dict -- ../build/kstool/kstool x32
+popd
diff --git a/make-afl.sh b/make-afl.sh
new file mode 100755
index 0000000..8b7ac0e
--- /dev/null
+++ b/make-afl.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -ex
+
+cmake -DCMAKE_C_COMPILER=afl-clang -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DLLVM_TARGETS_TO_BUILD="all" -G "Unix Makefiles" ..
+time make -j8
+
-- 
GitLab
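Review bot: The afl-fuzz line in fuzz.sh runs `../build/kstool/kstool x32` with no `@@` placeholder, so each test case is delivered on stdin; if kstool, as the argv-style invocation here suggests, takes its assembly string from the command line rather than stdin, the fuzz input is never parsed and coverage will stay flat — confirm this, and either give kstool a stdin/file-reading mode or wrap it in a small harness invoked with `@@`. Independently, the seeds fed via `-i ./tests` use 64-bit registers (`add rsp,0x438`, `pop r12`, `xor r13d,r13d`) while the harness targets `x32`, so most of them can only exercise the rejection path, and `instr-2`/`instr-7`/`instr-8` still carry objdump decorations such as `<_usage>` that are not assembler syntax; target `x64` or add genuine 32-bit seeds and strip the symbol annotations. The script also has no `set -e`, so a failed `cd build` or `cd ./afl` silently runs the next command from the wrong directory; `set -euo pipefail` after the shebang and `pushd build`/`pushd afl` in place of `pushd .; cd …` would make that fail loudly.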
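Review bot: make-afl.sh points only `CMAKE_C_COMPILER` at `afl-clang`; the same command passes `-DLLVM_TARGETS_TO_BUILD`, which suggests the assembler core is LLVM-derived C++, and any C++ translation units will be built by the default C++ compiler and receive no AFL instrumentation, so afl-fuzz would see little or no coverage from the code that actually parses the input. Add `-DCMAKE_CXX_COMPILER=afl-clang++` beside the C compiler setting, and consider exporting `AFL_USE_ASAN=1` or `AFL_HARDEN=1` for this build so memory-safety faults in the assembler abort rather than being tolerated at Release optimisation. `make -j8` hard-codes the core count; `make -j"$(nproc)"` adapts to the build host.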