
afl-kit's People

Contributors

dkasak, fgeek, jwilk, kcwu


afl-kit's Issues

use afl-showmap binary mode

Since AFL 2.36b, afl-showmap has an undocumented -b binary mode. Using it should improve afl-cmin.py performance a lot for quick targets.

input_from_file

input_from_file might be uninitialized before usage in the afl_showmap function on line 159. Just add an

input_from_file = False

at the beginning of the function.

Queue not happy at 65535

So I've come back to some fuzzing and wanted to use afl-cmin.py again. At first it looked like everything worked fine, but then suddenly afl-cmin.py stopped and no more traces were being obtained.

First of all, I have a very large corpus I'd like to cmin. It's 80771 files. As I wanted to know where it stops, I added a couple of logger.debug statements like this:

[...]
    logger.info('Obtaining trace results')
    logger.debug('of '+str(len(files))+" files")
    num = 0
    for job in enumerate(files):
        print str(num)+'\r',
        sys.stdout.flush()
        job_queue.put(job)
        num += 1
    logger.debug('Done putting jobs into queue')
[...]

What it does is simply print the number of files that were put into job_queue.put(). When I ran this again, the tool stopped exactly when 65535 files were processed, and we are all familiar with that number (2 to the power of 16 minus 1). Then I pressed Ctrl+C when it was stuck:

$ /opt/afl-kit/afl-cmin.py --debug -m 1000 -w 1 -C -i corpus_clean_flat/ -o crashes/ ../../fuzzerside/interface @@
2018-02-18 13:00:58,041 - INFO - Found 80771 input files in 1 directories
2018-02-18 13:01:00,000 - INFO - Remain 80771 files after dedup
2018-02-18 13:01:00,000 - INFO - Testing the target binary
2018-02-18 13:01:00,000 - DEBUG - run command line: /opt/afl-2.52b/afl-showmap -m 1000 -t none -o - -Z -- ../../fuzzerside/interface corpus_clean_flat/n_structure_no_data.json
2018-02-18 13:01:00,101 - INFO - ok, 1593 tuples recorded
2018-02-18 13:01:00,102 - INFO - Obtaining trace results
2018-02-18 13:01:00,103 - DEBUG - of 80771 files
65535
^CTraceback (most recent call last):
  File "/opt/afl-kit/afl-cmin.py", line 323, in <module>
    main()
  File "/opt/afl-kit/afl-cmin.py", line 261, in main
    job_queue.put(job)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/queues.py", line 101, in put
Process PoolWorker-1:
Traceback (most recent call last):
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    if not self._sem.acquire(block, timeout):
KeyboardInterrupt
    self.run()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/pool.py", line 102, in worker
    task = get()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/queues.py", line 378, in get
    return recv()
KeyboardInterrupt
^CError in atexit._run_exitfuncs:
Traceback (most recent call last):
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/util.py", line 325, in _exit_function
    p.join()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/process.py", line 145, in join
    res = self._popen.wait(timeout)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/forking.py", line 154, in wait
    return self.poll(0)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/forking.py", line 135, in poll
    pid, sts = os.waitpid(self.pid, flag)
KeyboardInterrupt
Error in sys.exitfunc:
Traceback (most recent call last):
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/util.py", line 325, in _exit_function
    p.join()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/process.py", line 145, in join
    res = self._popen.wait(timeout)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/forking.py", line 154, in wait
    return self.poll(0)
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/forking.py", line 135, in poll
    pid, sts = os.waitpid(self.pid, flag)
KeyboardInterrupt

Did you ever test afl-cmin.py with more than 65'535 files?

I'm currently porting the script from python 2 to python 3 to see if the problem will still exist, but I'm unsure if that's going to solve the problem at all and if I'm really going to finish the port.

Resource limiting

I just wanted to add that in situations where a lot of forking is going on and a lot of resources (RAM) are used, afl-cmin.py gets killed by the system, whereas in afl-cmin it only kills the child processes for some reason. I just ran into this problem. So you might want to think about further process resource limitations.

Index out of range

Traceback (most recent call last):
  File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/opt/afl-kit/afl-cmin.py", line 193, in run
    if idx < m[t]:
IndexError: array index out of range
