author | microsvuln <55649192+Microsvuln@users.noreply.github.com> | 2021-04-03 14:04:06 +0400 |
---|---|---|
committer | microsvuln <55649192+Microsvuln@users.noreply.github.com> | 2021-04-03 14:04:06 +0400 |
commit | 4291c3db5dca5082aed123f3a353f8af4a0f4785 (patch) | |
tree | 0bc59e0eff5e9701b33e058678dbe3f03a4001b2 | |
parent | 8f9d1fd7b05f916d8c43d5872be54d9074bdf8db (diff) | |
download | afl++-4291c3db5dca5082aed123f3a353f8af4a0f4785.tar.gz |
finalize 1
commit final things
-rw-r--r-- | utils/autodict_ql/autodict-ql.py | 91 | ||||
-rw-r--r-- | utils/autodict_ql/readme.md | 6 |
2 files changed, 22 insertions, 75 deletions
diff --git a/utils/autodict_ql/autodict-ql.py b/utils/autodict_ql/autodict-ql.py
index 69d11f48..ddc95435 100644
--- a/utils/autodict_ql/autodict-ql.py
+++ b/utils/autodict_ql/autodict-ql.py
@@ -1,4 +1,14 @@
 #!/usr/bin/env python3
+# AutoDict-QL - Optimal Token Generation for Fuzzing
+# Part of AFL++ Project
+# Developed and Maintained by Arash Ale Ebrahim (@Microsvuln)
+# Usage : python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]
+# CURRENT_DIR = full of your current Dir
+# CODEQL_DATABASE_PATH = Full path to your CodeQL database
+# TOKEN_PATH = Folder name of the newly generated tokens
+# Example : python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens
+# Just pass the tokens folder to the -x flag of your fuzzer
+
 import os
 import string
 import binascii
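Review bot: The new header names the first argument `[CURRECT_DIR]` on the Usage line but `CURRENT_DIR` on the line that explains it, and `full of your current Dir` reads as if a word was dropped. Since this header is the only place the positional argument order is documented, the two lines should agree: `# Usage : python3 autodict-ql.py [CURRENT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` and `# CURRENT_DIR = full path of your current dir`. It would also help to say that `TOKEN_PATH` is taken relative to `CURRENT_DIR`, which is what the later `cur + "/" + tokenpath` concatenation in `copy_tokens` implies.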
@@ -42,47 +52,25 @@ def static_analysis(file,file2,cur,db) : f.close() def copy_tokens(cur, tokenpath) : - subprocess.call(["cp " + cur + "/" + "arrays-lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "strstr-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "strcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "strncmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "local-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "global-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "arrays-lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "arrays-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - #strtool-strs + def codeql_analysis(cur, db) : static_analysis("litout.out","litool.ql", cur, db) static_analysis("strcmp-strings.out","strcmp-str.ql", cur, db) static_analysis("strncmp-strings.out","strncmp-str.ql", cur, db) - static_analysis("strstr-strings.out","strstr-str.ql", cur, db) static_analysis("memcmp-strings.out","memcmp-str.ql", cur, db) - static_analysis("global-values-strings.out","globals-values.ql", cur, db) - static_analysis("local-strings.out","locals-strs.ql", cur, db) static_analysis("strtool-strings.out","strtool.ql", cur, db) - static_analysis("arrays.out","array-literals.ql", cur, db) - start_aflql(0,cur) - #command1 = [ - # 'codeql','query', 'run', - # cur + '/litool.ql', - # '-d', - # db, '>','fff.txt' - # 
] - #with open("litool2.log", "w") as f: - # stream = os.popen("codeql query run litool.ql -d " + db ) - # output = stream.read() - # f.write(output) - # f.close() - #worker1 = subprocess.Popen(command1) - #print(worker1.communicate()) - - -def start_aflql(tokenpath, cur): + start_autodict(0,cur) + + + +def start_autodict(tokenpath, cur): command = [ 'python3', cur + '/litan.py', @@ -110,23 +98,6 @@ def start_aflql(tokenpath, cur): worker3 = subprocess.Popen(command2) print(worker3.communicate()) - command3 = [ - 'python3', - cur + '/array-lits.py', - cur + '/arrays-lits/', - cur + '/arrays.out' - ] - worker4 = subprocess.Popen(command3) - print(worker4.communicate()) - - command4 = [ - 'python3', - cur + '/array-strings.py', - cur + '/arrays-strs/', - cur + '/arrays.out' - ] - worker5 = subprocess.Popen(command4) - print(worker5.communicate()) command5 = [ @@ -138,27 +109,8 @@ def start_aflql(tokenpath, cur): worker6 = subprocess.Popen(command5) print(worker6.communicate()) - command6 = [ - 'python3', - cur + '/globals-strings.py', - cur + '/global-strs/', - cur + '/global-values-strings.out' - ] - worker7 = subprocess.Popen(command6) - print(worker7.communicate()) - - command7 = [ - 'python3', - cur + '/strstr-strings.py', - cur + '/strstr-strs/', - cur + '/strstr-strings.out' - ] - worker8 = subprocess.Popen(command7) - print(worker8.communicate()) - #strtool-strings.out - command8 = [ 'python3', cur + '/stan-strings.py', @@ -168,14 +120,7 @@ def start_aflql(tokenpath, cur): worker9 = subprocess.Popen(command8) print(worker9.communicate()) - command9 = [ - 'python3', - cur + '/local-strings.py', - cur + '/local-strs/', - cur + '/local-strings.out' - ] - worker10 = subprocess.Popen(command9) - print(worker10.communicate()) + def main(): args = parse_args() 
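Review bot: The five `copy_tokens` calls kept on the new side still splice `cur` and `tokenpath` into a shell string and run it with `shell=True`, so a directory name containing whitespace, quotes or `$`/`;` is either mis-copied or interpreted by the shell; the commit prunes the list but leaves the remaining calls built the same way. Both values come from the parsed command-line arguments that `main()` passes in, and wrapping a single string in a list with `shell=True` is itself a mis-idiom — any further list elements would go to `sh`, not `cp`. A shell-free rewrite using `glob` and `shutil` (both stdlib; they would need importing at the top of the file) is below, and it skips directories the way `cp` without `-r` does. `static_analysis` begins before this hunk and `start_autodict` continues after it.
```python
def copy_tokens(cur, tokenpath) :
    # Copy the generated token files into cur/tokenpath without a shell, so
    # paths containing whitespace or shell metacharacters are taken literally.
    dest = os.path.join(cur, tokenpath)
    for sub in ("strcmp-strs", "strncmp-strs", "memcmp-strs", "lits", "strtool-strs"):
        for src in glob.glob(os.path.join(cur, sub, "*")):
            if os.path.isfile(src):
                shutil.copy(src, dest)
```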
@@ -183,6 +128,6 @@ def main(): #copy_tokens(args.cur, args.tokenpath) codeql_analysis(args.cur, args.db) copy_tokens(args.cur, args.tokenpath) - #start_aflql(args.tokenpath, args.cur) + #start_autodict(args.tokenpath, args.cur) if __name__ == '__main__': main() \ No newline at end of file diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 3e4655c8..f8d23098 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -67,7 +67,7 @@ Commands: github Commands useful for interacting with the GitHub API through CodeQL. ``` -2. Compiler your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . +2. Compile your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: - `./configure --disable-shared` - `codeql create database libxml-db --language=cpp --command=make` 
@@ -87,10 +87,12 @@ Commands: Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. in addition it's independent from LLVM system. On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. -I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` is working based on the target. +I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` and `dict2file` is working based on the target. In overall, fuzzing with dictionaries and well-generated tokens will give better results. There are 2 important points to remember : - If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chance to discover new bugs. - Do not remember to set the `AFL_MAX_DET_EXTRAS` to the number of generated dictionaries, if you forget to set this environment variable, then AFL++ use just 200 tokens and use the rest of them probablistically. So this will guarantees that your tokens will be used by AFL++. + +Thanks are going to Marc Heuse, the AFL++ main developer, Antonio Morales and Stefan Nagy \ No newline at end of file |