AFL++ setup
If something fails along the way, the most likely cause is an unreliable network connection.

```bash
sudo apt-get update
sudo apt-get install -y build-essential python3-dev automake cmake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools cargo libgtk-3-dev
# LLVM 12 toolchain, needed for afl-clang-lto / afl-clang-fast
sudo apt-get install -y lld-12 llvm-12 llvm-12-dev clang-12
# GCC plugin headers matching the installed gcc major version (for afl-gcc-fast)
sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/\..*//' |sed 's/.* //' )-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/\..*//' |sed 's/.* //' )-dev
sudo apt-get install -y ninja-build
git clone https://github.com/AFLplusplus/AFLplusplus
cd AFLplusplus
LLVM_CONFIG=llvm-config-12 make distrib
sudo make install
```
Exercise 2 https://www.cnblogs.com/unr4v31/p/15247691.html
Full procedure

```bash
cd $HOME
mkdir fuzzing_libexif && cd fuzzing_libexif/
wget https://github.com/libexif/libexif/archive/refs/tags/libexif-0_6_14-release.tar.gz
tar -xzvf libexif-0_6_14-release.tar.gz
cd libexif-libexif-0_6_14-release/
sudo apt-get install autopoint libtool gettext libpopt-dev
export LLVM_CONFIG="llvm-config-12"
autoreconf -fvi
# Build libexif statically with the AFL++ LTO compiler so the instrumentation ends up in the exif binary
CC=afl-clang-lto ./configure --enable-shared=no --prefix="$HOME/fuzzing_libexif/install/"
make
make install
wget https://github.com/libexif/exif/archive/refs/tags/exif-0_6_15-release.tar.gz
tar -xzvf exif-0_6_15-release.tar.gz
cd $HOME/fuzzing_libexif/exif-exif-0_6_15-release
export LLVM_CONFIG="llvm-config-12"
autoreconf -fvi
CC=afl-clang-lto ./configure --enable-shared=no --prefix="$HOME/fuzzing_libexif/install/" PKG_CONFIG_PATH=$HOME/fuzzing_libexif/install/lib/pkgconfig
make
make install
cd $HOME/fuzzing_libexif
# Seed corpus; wget saves this archive as master.zip
wget https://github.com/ianare/exif-samples/archive/refs/heads/master.zip
unzip master.zip
# Smoke test the instrumented binary on one seed before fuzzing
$HOME/fuzzing_libexif/install/bin/exif $HOME/fuzzing_libexif/exif-samples-master/jpg/Canon_40D_photoshop_import.jpg
afl-fuzz -i $HOME/fuzzing_libexif/exif-samples-master/jpg/ -o $HOME/fuzzing_libexif/out/ -s 123 -- $HOME/fuzzing_libexif/install/bin/exif @@
```
Problems encountered and fixes
afl-fuzz reports an error
Fix: have the kernel write core dumps to a file instead of piping them to an external handler (afl-fuzz refuses to start otherwise, because a piped handler delays the crash and the input would be misreported as a hang).

```bash
sudo bash -c 'echo core >/proc/sys/kernel/core_pattern'
```

Result
Exercise 4
Full procedure

```bash
cd $HOME
mkdir fuzzing_tiff && cd fuzzing_tiff/
wget https://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz
tar -xzvf tiff-4.0.4.tar.gz
cd tiff-4.0.4/
# First build: gcov-instrumented, to measure the coverage of a single seed
CFLAGS="--coverage" LDFLAGS="--coverage" ./configure --prefix="$HOME/fuzzing_tiff/install/" --disable-shared
make
make install
sudo apt install lcov
cd $HOME/fuzzing_tiff/tiff-4.0.4/
lcov --zerocounters --directory ./
lcov --capture --initial --directory ./ --output-file app.info
$HOME/fuzzing_tiff/install/bin/tiffinfo -D -j -c -r -s -w $HOME/fuzzing_tiff/tiff-4.0.4/test/images/palette-1c-1b.tiff
lcov --no-checksum --directory ./ --capture --output-file app2.info
genhtml --highlight --legend --output-directory ./html-coverage/ ./app2.info
# Second build: AFL++ LTO instrumentation plus ASan, reusing the same prefix
rm -r $HOME/fuzzing_tiff/install
cd $HOME/fuzzing_tiff/tiff-4.0.4/
make clean
export LLVM_CONFIG="llvm-config-12"
CC=afl-clang-lto ./configure --prefix="$HOME/fuzzing_tiff/install/" --disable-shared
AFL_USE_ASAN=1 make -j4
AFL_USE_ASAN=1 make install
# -m none: ASan builds need the memory limit lifted
afl-fuzz -m none -i $HOME/fuzzing_tiff/tiff-4.0.4/test/images/ -o $HOME/fuzzing_tiff/out/ -s 123 -- $HOME/fuzzing_tiff/install/bin/tiffinfo -D -j -c -r -s -w @@
```

Result
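The procedure above measures coverage for a single seed before fuzzing; the natural follow-up is to replay everything afl-fuzz produced through the gcov-instrumented tiffinfo and see what coverage the campaign actually reached. The script below is an added example, not part of Fuzzing101 or this write-up. It assumes the --coverage build tree (binary plus .gcno files) is still in place (the steps above run make clean and rebuild the same prefix with afl-clang-lto, so replay before that or keep a second copy of the tree), that the target takes the input file as its last argument, and that lcov and genhtml are installed.

```shell
#!/bin/sh
# Replay an AFL++ output directory through a --coverage build and render an
# lcov report. Added example; not from Fuzzing101 or AFL++.

# Feed every queue entry and every crash to the target ($2...), with the input
# path as the last argument. Prints the number of inputs replayed. A crashing
# or failing run must not abort the replay, hence the "|| true".
replay_corpus() {
    out_dir=$1; shift
    n=0
    for f in "$out_dir"/default/queue/id:* "$out_dir"/default/crashes/id:*; do
        [ -f "$f" ] || continue          # skip the literal pattern when a dir is empty
        "$@" "$f" >/dev/null 2>&1 || true
        n=$((n + 1))
    done
    echo "$n"
}

# $1 = afl-fuzz -o directory, $2 = source tree built with CFLAGS="--coverage"
# LDFLAGS="--coverage" (where the .gcno/.gcda files live), $3... = target command.
# Mirrors the lcov sequence used for the single seed above, but merges the
# zero baseline with the post-replay capture so untouched files still show as 0%.
coverage_report() {
    out_dir=$1; src_dir=$2; shift 2
    lcov --zerocounters --directory "$src_dir"
    lcov --capture --initial --directory "$src_dir" --output-file "$src_dir/base.info"
    echo "replayed $(replay_corpus "$out_dir" "$@") inputs"
    lcov --no-checksum --directory "$src_dir" --capture --output-file "$src_dir/run.info"
    lcov --add-tracefile "$src_dir/base.info" --add-tracefile "$src_dir/run.info" \
         --output-file "$src_dir/total.info"
    genhtml --highlight --legend --output-directory "$src_dir/html-coverage" "$src_dir/total.info"
}

# For Exercise 4, with the coverage build kept under install-cov/ (a path assumed here):
#   coverage_report "$HOME/fuzzing_tiff/out" "$HOME/fuzzing_tiff/tiff-4.0.4" \
#       "$HOME/fuzzing_tiff/install-cov/bin/tiffinfo" -D -j -c -r -s -w
```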
Exercise 6
Full procedure

```bash
cd $HOME
mkdir Fuzzing_gimp && cd Fuzzing_gimp
sudo apt-get install build-essential libatk1.0-dev libfontconfig1-dev libcairo2-dev libgudev-1.0-0 libdbus-1-dev libdbus-glib-1-dev libexif-dev libxfixes-dev libgtk2.0-dev python2.7-dev libpango1.0-dev libglib2.0-dev zlib1g-dev intltool libbabl-dev
wget https://download.gimp.org/pub/gegl/0.2/gegl-0.2.0.tar.bz2
tar xvf gegl-0.2.0.tar.bz2 && cd gegl-0.2.0
# Rename constants that newer ffmpeg headers no longer provide
sed -i 's/CODEC_CAP_TRUNCATED/AV_CODEC_CAP_TRUNCATED/g' ./operations/external/ff-load.c
sed -i 's/CODEC_FLAG_TRUNCATED/AV_CODEC_FLAG_TRUNCATED/g' ./operations/external/ff-load.c
./configure --enable-debug --disable-glibtest --without-vala --without-cairo --without-pango --without-pangocairo --without-gdk-pixbuf --without-lensfun --without-libjpeg --without-libpng --without-librsvg --without-openexr --without-sdl --without-libopenraw --without-jasper --without-graphviz --without-lua --without-libavformat --without-libv4l --without-libspiro --without-exiv2 --without-umfpack
make -j$(nproc)
sudo make install
# Workaround for the missing libgegl-0.2.so.0 (see the problems section below)
sudo apt-get install libgegl-0.4-0
cd ..
wget https://mirror.klaus-uwe.me/gimp/pub/gimp/v2.8/gimp-2.8.16.tar.bz2
tar xvf gimp-2.8.16.tar.bz2 && cd gimp-2.8.16/
CC=afl-clang-lto CXX=afl-clang-lto++ PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$HOME/Fuzzing_gimp/gegl-0.2.0/ CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --disable-gtktest --disable-glibtest --disable-alsatest --disable-nls --without-libtiff --without-libjpeg --without-bzip2 --without-gs --without-libpng --without-libmng --without-libexif --without-aa --without-libxpm --without-webkit --without-librsvg --without-print --without-poppler --without-cairo-pdf --without-gvfs --without-libcurl --without-wmf --without-libjasper --without-alsa --without-gudev --disable-python --enable-gimp-console --without-mac-twain --without-script-fu --without-gudev --without-dbus --disable-mp --without-linux-input --without-xvfb-run --with-gif-compression=none --without-xmc --with-shm=none --enable-debug --prefix="$HOME/Fuzzing_gimp/gimp-2.8.16/install"
make -j$(nproc)
make install
mkdir afl_in && cd afl_in
# Use the raw URL: a GitHub /blob/ URL serves the HTML page, not the .xcf file
wget https://github.com/antonio-morales/Fuzzing101/raw/main/Exercise%206/SampleInput.xcf
cd ..
# Remove the plug-ins so the console does not spawn them during fuzzing
rm ./install/lib/gimp/2.0/plug-ins/*
ASAN_OPTIONS=detect_leaks=0,abort_on_error=1,symbolize=0 afl-fuzz -i './afl_in' -o './afl_out' -D -t 100 -- ./install/bin/gimp-console-2.8 --verbose -d -f @@
```
Problems encountered and fixes
A missing shared library keeps the fuzzer from starting
Cause: the gegl-0.2 build that GIMP depends on has problems, so libgegl-0.2.so.0 is missing.
Fix: instead of building gegl-0.2 by hand, install gegl-0.4 with apt: sudo apt-get install libgegl-0.4-0
Input test cases time out
Cause: a problem with the input test cases.
Fix: create a few new projects in GIMP yourself, scribble on them a bit, and save them into the AFL++ input directory.
Result
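Both Exercise 6 problems above come down to the seed files: a seed that is not really an XCF file, or one that already runs longer than the -t budget, wastes the campaign before it starts. The following pre-flight check is added here as an example and is not part of Fuzzing101, AFL++ or the write-up's own script; it assumes the target takes the input file as its last argument (the @@ position used on this page) and that GNU timeout is installed.

```shell
#!/bin/sh
# Pre-flight checks for an AFL++ seed directory of GIMP XCF files.
# Added example; not part of Fuzzing101, AFL++ or GIMP.

# Every XCF file starts with the 9-byte magic "gimp xcf ". A file saved from a
# GitHub /blob/ URL is an HTML page and fails this check.
is_xcf() {
    [ "$(head -c 9 "$1" 2>/dev/null)" = "gimp xcf " ]
}

# List the files in $1 that are not XCF; returns 1 if any were found, 0 otherwise.
find_bad_seeds() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! is_xcf "$f"; then
            printf 'not XCF: %s\n' "$f"
            bad=1
        fi
    done
    return $bad
}

# Run each seed in $1 once under a wall-clock limit of $2 seconds; the remaining
# arguments are the target command, with the seed path appended where @@ would
# go. Seeds that hit the limit are printed (timeout exits with status 124).
slow_seeds() {
    dir=$1; limit=$2; shift 2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rc=0
        timeout "$limit" "$@" "$f" >/dev/null 2>&1 || rc=$?
        [ "$rc" -eq 124 ] && printf 'timed out: %s\n' "$f"
    done
    return 0
}

# Usage for Exercise 6 (afl-fuzz ran with -t 100, i.e. 100 ms, so 1 s is generous):
#   find_bad_seeds ./afl_in
#   slow_seeds ./afl_in 1 ./install/bin/gimp-console-2.8 --verbose -d -f
```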
Exercise 8
Full procedure

```bash
# Adobe Reader 9 is a 32-bit binary, hence the i386 dependency and QEMU mode (-Q) below
sudo apt-get install libxml2:i386
wget ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.5.1/enu/AdbeRdr9.5.1-1_i386linux_enu.deb
sudo dpkg -i AdbeRdr9.5.1-1_i386linux_enu.deb
/opt/Adobe/Reader9/bin/acroread
wget https://corpora.tika.apache.org/base/packaged/pdfs/archive/pdfs_202002/libre_office.zip
unzip libre_office.zip -d extracted
mkdir -p $HOME/fuzzing_adobe/afl_in
# Keep only small PDFs (under 2 KiB) as seeds
find ./extracted -type f -size -2k -exec cp {} $HOME/fuzzing_adobe/afl_in \;
sudo apt-get install valgrind
sudo apt-get install kcachegrind
# The relative -i/-o paths below are under $HOME/fuzzing_adobe
cd $HOME/fuzzing_adobe
ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i ./afl_in/ -o ./afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@
```

Problems encountered and fixes
Exercise 10
Full procedure

```bash
sudo apt --yes install clang libpython2.7 libpython2.7-dev libcurl4 git
cd $HOME
# Swift toolchain for building Fuzzilli
wget https://swift.org/builds/swift-4.2.1-release/ubuntu1804/swift-4.2.1-RELEASE/swift-4.2.1-RELEASE-ubuntu18.04.tar.gz
tar xzvf swift-4.2.1-RELEASE-ubuntu18.04.tar.gz
sudo mv swift-4.2.1-RELEASE-ubuntu18.04 /usr/share/swift
echo "export PATH=/usr/share/swift/usr/bin:$PATH" >> ~/.bashrc
source ~/.bashrc
cd $HOME
wget https://github.com/googleprojectzero/fuzzilli/archive/refs/tags/v0.9.zip
unzip v0.9.zip
cd fuzzilli-0.9/
swift build -c release -Xlinker='-lrt'
cd $HOME
# depot_tools is needed for fetch / gclient
mkdir depot_tools && cd depot_tools
git clone https://github.com/yzgyyang/depot-tools
echo "export PATH=`pwd`/depot-tools:$PATH" >> ~/.bashrc
source ~/.bashrc
cd $HOME
mkdir Fuzzing_v8_75 && cd Fuzzing_v8_75
fetch v8
cd v8
git checkout 1ca088652d3aad04caceb648bcffef100bc4abc0
gclient sync
```

Problems encountered and fixes