sslab-gatech / fuzzification

We hinder fuzzing



fuzzification's Issues

Antitaint variable names

The transformation performed in anti-taint.py will create invalid C code in some cases. This is due to a missing check for the existence of variables named newvar_X.
A minimal example of where this will be a problem is:

int newvar_1 = 1;
char str1[20];
strcpy(str1, "hello");
if(strcmp(str1, "hello")) {
    printf("True");
} else {
    printf("False");
}

which will be transformed to:

int newvar_1 = 1;
char str1[20];
strcpy(str1, "hello");
//////////////// ANTI-TAINT-STR //////////////////
char newvar_1[strlen(str1)];
if (strlen(str1) < 30){    
    for (int i=0;i<strlen(str1);i++){
        int ch=0;
        int temp = 0;
        int temp2 = 0;
        for (int j=0; j<8;j++){
            temp = str1[i];
            temp2 = temp & (1<<j);
            if (temp2 !=0){
                ch |= 1<<j;
            }
        }
        newvar_1[i] = ch;
    }
}
else{    
    strncpy(newvar_1, str1, strlen(str1));
}
//////////////////////////////////////////////////
   if(strcmp(newvar_1, "hello")) {
      printf("True");
   } else {
      printf("False");
   }

where newvar_1 is already in use.

Further, I would like to ask you where you apply the CRC checksum replacements of the form:

// original code: if (value == 12345)
if (CRC_LOOP(value) == OUTPUT_CRC) { ... }

that you write about in your paper.
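Added example, not code from the issue or from the project's anti-taint.py: a fresh-name check that scans the source for identifiers already in use before emitting the ANTI-TAINT-STR block, so the newvar_1 collision above cannot happen. The block it builds follows the transformation shown in the issue but goes one step further and NUL-terminates the copy, which the block in the issue does not; the function names, the regex scan and the sample source are assumptions.

```python
import re

# Constructed sample: the minimal example from the issue, where the program itself already declares newvar_1.
SAMPLE_SRC = """int newvar_1 = 1;
char str1[20];
strcpy(str1, "hello");
if(strcmp(str1, "hello")) { printf("True"); } else { printf("False"); }
"""

IDENT_RE = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]*\b")

def used_identifiers(src):
    """Every identifier-like token in src. Over-approximates (keywords, words in
    string literals), which is the safe direction: never hands out a taken name."""
    return set(IDENT_RE.findall(src))

def fresh_name(src, prefix="newvar_", start=1):
    """First prefix+N (N >= start) that occurs nowhere in src."""
    used = used_identifiers(src)
    n = start
    while f"{prefix}{n}" in used:
        n += 1
    return f"{prefix}{n}"

def anti_taint_str(src, var, max_len=30):
    """ANTI-TAINT-STR block from the issue for string variable `var`, with a fresh
    copy name. Unlike the issue's block, the copy has room for and gets a NUL
    terminator, so the strcmp() that follows reads a proper C string."""
    name = fresh_name(src)
    block = (
        "//////////////// ANTI-TAINT-STR //////////////////\n"
        f"char {name}[strlen({var}) + 1];\n"
        f"if (strlen({var}) < {max_len}) {{\n"
        f"    for (int i = 0; i < strlen({var}); i++) {{\n"
        "        int ch = 0;\n"
        "        for (int j = 0; j < 8; j++) {\n"
        f"            if (({var}[i] & (1 << j)) != 0) {{\n"
        "                ch |= 1 << j;\n"
        "            }\n"
        "        }\n"
        f"        {name}[i] = ch;\n"
        "    }\n"
        "} else {\n"
        f"    strncpy({name}, {var}, strlen({var}));\n"
        "}\n"
        f"{name}[strlen({var})] = '\\0';  // terminate the copy\n"
        "//////////////////////////////////////////////////\n"
    )
    return name, block
```

Running fresh_name on the issue's example returns newvar_2, since newvar_1 is taken by the program being transformed.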

Cannot compile tutorial's *_bump due to lack of compile command line

As you can see, the antifuzz-tutorial contains a compile tutorial for binutils-2.23; the binaries readelf, objdump, objcopy and nm-new have the source code -> IR code command line, e.g.

COMMAND["objdump.o"] = 'afl-clang-fast -DHAVE_CONFIG_H -I. -I. -I. -I../bfd -I./../bfd -I./../include -DLOCALEDIR="\\"/usr/local/share/locale\\"" -Dbin_dummy_emulation=bin_vanilla_emulation -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow -O0 -flto -std=c11 -lpthread -MT objdump.o -MD -MP -MF .deps/objdump.Tpo -c -o objdump.o -DOBJDUMP_PRIVATE_VECTORS="" ./{SRC} 2> /tmp/makeout'

but if I want to compile the binary with SpeedBump, it leads to the following (see antifuzz-tutorial/temp/binutils/build-objdump.sh, which is generated by src/compile.py):

elif [ "$3" == "slow" ]
  then
    #afl-clang-fast -DHAVE_CONFIG_H -I.  -I. -I. -I../bfd -I./../bfd -I./../include -DLOCALEDIR="\"/usr/local/share/locale\"" -Dbin_dummy_emulation=bin_vanilla_emulation  -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow -O0 -flto -std=c11 -lpthread -MT objdump.o -MD -MP -MF .deps/objdump.Tpo -c -o objdump.o -DOBJDUMP_PRIVATE_VECTORS="" ./objdump.c  1> /dev/null 2> /tmp/makeout
    cp /home/lawyer61/AIFuzz/fuzzification/src/llvm_pass/bump/delaysrc/delay_$2.o ./delay.o
    /bin/bash ./libtool --tag=CC   --mode=link afl-clang-fast -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow -O0 -flto -std=c11 -lpthread  -flto  -o $1 delay.o huge_dummy.o objdump_bump.o dwarf_bump.o prdbg_bump.o rddbg_bump.o debug_bump.o stabs_bump.o ieee_bump.o rdcoff_bump.o bucomm_bump.o version_bump.o filemode_bump.o elfcomm_bump.o  ../opcodes/libopcodes.la ../bfd/libbfd.la ../libiberty/libiberty.a  -lz 1> /dev/null 

The question is, all the *_bump.o files (except objdump_bump.o) will fail in src/.work3/make_bump.sh:

opt -load ./libSkeletonPass_bump.so -SkeletonPass <$1.o> $1_bump.o
...

opt: <stdin>:1:1: error: expected top-level entity
(Garbled below)

So we will fail in antifuzz_all.py when opening objdump_d30_r4_o3 (for example):

Traceback (most recent call last):
  File "antifuzz_all.py", line 587, in <module>
    bump_depay, bump_ratio, fname, c_overhead, s_overhead = speedbump()
  File "antifuzz_all.py", line 415, in speedbump
    c_overhead, s_overhead = _ret_overhead(gen_pn)
  File "antifuzz_all.py", line 508, in _ret_overhead
    newfile_size = os.path.getsize(gen_pn)
  File "/usr/lib/python2.7/genericpath.py", line 57, in getsize
    return os.stat(filename).st_size
OSError: [Errno 2] No such file or directory: '../antifuzz-tutorial/temp/binutils/objdump_d50_r17_o3'

readelf has high overhead and segmentation faults

Hi, I used the parameters in the evaluation section of the paper to compile readelf. Why does the CPU overhead in SpeedBump reach 80%? In addition, if the program after BranchTrap is used, a segmentation fault is displayed.

Suggestion: Add a check after generating random code in 'src/randomcode.py'

Sometimes csmith will generate code without a 'main' function (this may be because of too many args). When this happens, delay*.o will not have an 'slp' symbol, and linking it with test.o fails.

Change the function ch_main_arg to this:

import fileinput
import sys

def ch_main_arg(pn, argname, funcname):
  # Rename the csmith-generated main() in file pn to funcname and replace its
  # "void" parameter with argname, rewriting the file in place.
  # Returns 1 if a main function was found and renamed, 0 otherwise, so the
  # caller can skip csmith outputs that have no main (and hence no 'slp' symbol).
  modify_flag = 0
  for line in fileinput.input(pn, inplace=True):
    if "int main" in line:
      line = line.replace("void", "%s" % argname)
      line = line.replace("main", "%s" % funcname)
      modify_flag = 1
    if "int print_hash_value = 0;" in line:
      #line = line.replace("0", "1")
      continue    # drop the hash-printing variable entirely
    if "print_hash_value" in line:
      continue    # and every other line that references it

    sys.stdout.write(line)    # with inplace=True, stdout is written back to the file

  return modify_flag

and change line 116 to:

      if not ch_main_arg(var[1], argname, funcname):
        continue

That works for me when running python randomcode.py fails the first time. Hope it helps.

Stuck in installation “make -j 4”

My system is VirtualBox Ubuntu 16.04. I installed all the dependencies, but when I use this command:
$ make -j 4
it always says there is no file "plugin-api.h" in the directory.
Actually, I went to the folder and the file is in that folder, but when installing, the error message always shows up.

Segmentation fault for readelf_all

I have run the following commands to test the functionality. It seems the error-handling code has been modified. A segmentation fault is produced if I feed readelf_all a file that does not exist.

$ gdb ./readelf_all
pwndbg> run -a ./nofile
Starting program: /home/xposimon/Desktop/works/fuzzification/antifuzz-tutorial/test/output/readelf/readelf_all -a ./nofile
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__GI__IO_fread (buf=0x91e010, size=101, count=1, fp=0x0) at iofread.c:37
37	iofread.c: No such file or directory.
