diff options
| author | Giovanni Di Santi <giovanni.disanti@protonmail.com> | 2024-06-29 22:05:22 +0200 |
|---|---|---|
| committer | Giovanni Di Santi <giovanni.disanti@protonmail.com> | 2024-06-29 22:05:22 +0200 |
| commit | a161aac7c1eb8b689f4afc818b25072796e62746 (patch) | |
| tree | b604a7fabdc655a75269efff7d064140b67c927a | |
| parent | 36db3428ab16156dd72196213d2a02a5eadaed11 (diff) | |
| download | afl++-a161aac7c1eb8b689f4afc818b25072796e62746.tar.gz | |
ijon set: init
| -rw-r--r-- | dynamic_list.txt | 1 | ||||
| -rw-r--r-- | frida_mode/frida.map | 1 | ||||
| -rw-r--r-- | frida_mode/include/instrument.h | 3 | ||||
| -rw-r--r-- | frida_mode/src/instrument/instrument.c | 6 | ||||
| -rw-r--r-- | frida_mode/src/js/api.js | 7 | ||||
| -rw-r--r-- | frida_mode/src/js/js_api.c | 6 | ||||
| -rw-r--r-- | frida_mode/test/fasan/.gdb_history | 0 | ||||
| -rw-r--r-- | instrumentation/afl-compiler-rt.o.c | 6 | ||||
| -rw-r--r-- | src/afl-cc.c | 7 |
9 files changed, 35 insertions, 2 deletions
diff --git a/dynamic_list.txt b/dynamic_list.txt index 50c0c6b8..1a5c514a 100644 --- a/dynamic_list.txt +++ b/dynamic_list.txt @@ -30,6 +30,7 @@ "__afl_selective_coverage_temp"; "__afl_sharedmem_fuzzing"; "__afl_trace"; + "__afl_ijon_set"; "__cmplog_ins_hook1"; "__cmplog_ins_hook16"; "__cmplog_ins_hook2"; diff --git a/frida_mode/frida.map b/frida_mode/frida.map index a98c2096..90ea1421 100644 --- a/frida_mode/frida.map +++ b/frida_mode/frida.map @@ -45,6 +45,7 @@ js_api_set_stdout; js_api_set_traceable; js_api_set_verbose; + js_api_ijon_set; local: *; diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 1825e331..7f4958a2 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -22,6 +22,7 @@ extern guint64 instrument_fixed_seed; extern uint8_t *__afl_area_ptr; extern uint32_t __afl_map_size; +extern void __afl_ijon_set(uint32_t); extern __thread guint64 *instrument_previous_pc_addr; @@ -72,5 +73,7 @@ void instrument_cache(const cs_insn *instr, GumStalkerOutput *output); void instrument_write_regs(GumCpuContext *cpu_context, gpointer user_data); void instrument_regs_format(int fd, char *format, ...); +void ijon_set(uint32_t edge); + #endif diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index db73d845..cbb8afd9 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -449,3 +449,9 @@ void instrument_regs_format(int fd, char *format, ...) { } +void ijon_set(uint32_t edge) { + + __afl_ijon_set(edge); + +} + diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js index a65d32df..9e2b15c5 100644 --- a/frida_mode/src/js/api.js +++ b/frida_mode/src/js/api.js @@ -326,6 +326,12 @@ class Afl { static jsApiGetSymbol(name) { return Afl.module.getExportByName(name); } + + static IJON = class { + static set(addr, val) { + Afl.jsApiIjonSet((addr ^ val) & 0xffffffff); + } + } } /** * Field containing the `Module` object for `afl-frida-trace.so` (the FRIDA mode @@ -377,3 +383,4 @@ Afl.jsApiSetVerbose = Afl.jsApiGetFunction("js_api_set_verbose", "void", []); Afl.jsApiWrite = new NativeFunction( /* tslint:disable-next-line:no-null-keyword */ Module.getExportByName(null, "write"), "int", ["int", "pointer", "int"]); +Afl.jsApiIjonSet = Afl.jsApiGetFunction("js_api_ijon_set", "void", ["uint32"]); diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index 288aec95..274cd1bc 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -316,3 +316,9 @@ __attribute__((visibility("default"))) void js_api_set_verbose(void) { } +__attribute__((visibility("default"))) void js_api_ijon_set(uint32_t edge) { + + ijon_set(edge); + +} + diff --git a/frida_mode/test/fasan/.gdb_history b/frida_mode/test/fasan/.gdb_history new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/frida_mode/test/fasan/.gdb_history diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index c08e6380..bf498781 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -2761,5 +2761,11 @@ void __afl_injection_xss(u8 *buf) { } +void __afl_ijon_set(u32 edge) { + + __afl_area_ptr[edge % __afl_map_size] |= 1; + +} + #undef write_error diff --git a/src/afl-cc.c b/src/afl-cc.c index 7afab850..2a027ce4 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1528,7 +1528,8 @@ void add_defs_selective_instr(aflcc_state_t *aflcc) { "extern \"C\" void __afl_coverage_discard();" "extern \"C\" void __afl_coverage_skip();" "extern \"C\" void __afl_coverage_on();" - "extern \"C\" void __afl_coverage_off();"); + "extern \"C\" void __afl_coverage_off();" + "extern \"C\" void __afl_ijon_set(unsigned int);"); } else { @@ -1537,7 +1538,8 @@ void add_defs_selective_instr(aflcc_state_t *aflcc) { "void __afl_coverage_discard();" "void __afl_coverage_skip();" "void __afl_coverage_on();" - "void __afl_coverage_off();"); + "void __afl_coverage_off();" + "void __afl_ijon_set(unsigned int);"); } @@ -1549,6 +1551,7 @@ void add_defs_selective_instr(aflcc_state_t *aflcc) { insert_param(aflcc, "-D__AFL_COVERAGE_OFF()=__afl_coverage_off()"); insert_param(aflcc, "-D__AFL_COVERAGE_DISCARD()=__afl_coverage_discard()"); insert_param(aflcc, "-D__AFL_COVERAGE_SKIP()=__afl_coverage_skip()"); + insert_param(aflcc, "-D__AFL_IJON_SET(_A)=__afl_ijon_set(_A)"); } |