-rw-r--r--  docs/ChangeLog               |  3
-rw-r--r--  docs/PATCHES                 |  1
-rw-r--r--  docs/README                  |  4
-rw-r--r--  docs/binaryonly_fuzzing.txt  | 16
-rw-r--r--  unicorn_mode/README.md       | 13
5 files changed, 31 insertions, 6 deletions
diff --git a/docs/ChangeLog b/docs/ChangeLog index 0b4927bc..d393f92c 100644 --- a/docs/ChangeLog +++ b/docs/ChangeLog @@ -14,9 +14,10 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. ----------------------------- -Version ++2.52d (tbd): +Version ++2.52d (dev): ----------------------------- + - unicorn_mode got added - thank to domenukk for the patch! - fix a crash in qemu_mode which also exists in stock afl - added libcompcov, a laf-intel implementation for qemu! :) see qemu_mode/libcompcov/README.libcompcov diff --git a/docs/PATCHES b/docs/PATCHES index f6ca9284..8b188814 100644 --- a/docs/PATCHES +++ b/docs/PATCHES @@ -17,6 +17,7 @@ afl-qemu-optimize-entrypoint.diff by mh(at)mh-sec(dot)de afl-qemu-speed.diff by abiondo on github afl-qemu-optimize-map.diff by mh(at)mh-sec(dot)de ++ unicorn_mode (modernized and updated by domenukk) + instrim (https://github.com/csienslab/instrim) was integrated + MOpt (github.com/puppet-meteor/MOpt-AFL) was imported + AFLfast additions (github.com/mboehme/aflfast) were incorporated. diff --git a/docs/README b/docs/README index 5e0c4419..c2c93f38 100644 --- a/docs/README +++ b/docs/README @@ -27,6 +27,10 @@ american fuzzy lop plus plus Also newly integrated is instrim, a very effective CFG llvm_mode instrumentation implementation from https://github.com/csienslab/instrim + And finally the newest addition is the unicorn_mode which allows fuzzing + of binaries from completely different platforms - provided by domenukk! + The unicorn afl mode is not the stock version but like afl++ contains + various patches from forks that make it better :) A more thorough list is available in the PATCHES file. diff --git a/docs/binaryonly_fuzzing.txt b/docs/binaryonly_fuzzing.txt index 04e449c0..fd260450 100644 --- a/docs/binaryonly_fuzzing.txt +++ b/docs/binaryonly_fuzzing.txt 
@@ -12,7 +12,7 @@ The following is a description of how these can be fuzzed with afl++ !!!!! TL;DR: try DYNINST with afl-dyninst. If it produces too many crashes then - use afl -Q qemu_mode. + use afl -Q qemu_mode, or better: use both in parallel. !!!!! @@ -121,6 +121,20 @@ Pintool solutions: https://github.com/spinpx/afl_pin_mode <= only old Pintool version supported +Non-AFL solutions +----------------- + +There are many binary-only fuzzing frameworks. Some are great for CTFs but don't +work with large binaries, other are very slow but have good path discovery, +some are very hard to set-up ... + +QSYM: https://github.com/sslab-gatech/qsym +Manticore: https://github.com/trailofbits/manticore +S2E: https://github.com/S2E +<please send me any missing that are good> + + + That's it! News, corrections, updates? Email vh@thc.org diff --git a/unicorn_mode/README.md b/unicorn_mode/README.md index 5d8b3ce0..24151387 100644 --- a/unicorn_mode/README.md +++ b/unicorn_mode/README.md 
@@ -7,10 +7,15 @@ ``` -afl-unicorn lets you fuzz any piece of binary that can be emulated by [Unicorn Engine](http://www.unicorn-engine.org/). +afl-unicorn lets you fuzz any piece of binary that can be emulated by +[Unicorn Engine](http://www.unicorn-engine.org/). -For an in-depth description of what this is, how to install it, and how to use it check out this [blog post](https://medium.com/@njvoss299/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf). +For the full readme please see docs/unicorn_mode.txt -For general help with AFL, please refer to both the official [AFL website](http://lcamtuf.coredump.cx/afl/) and the documents in the /doc/ directory. +For an in-depth description of what this is, how to install it, and how to use +it check out this [blog post](https://medium.com/@njvoss299/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf). -Created by Nathan Voss, originally funded by [Battelle](https://www.battelle.org/cyber). \ No newline at end of file +For general help with AFL, please refer to the documents in the /doc/ directory. + +Created by Nathan Voss, originally funded by +[Battelle](https://www.battelle.org/cyber). |
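Review bot: typo in the new docs/ChangeLog entry: "thank to domenukk for the patch!" should read "thanks to domenukk for the patch!". The entry would also be more useful if it said what unicorn_mode is, in the wording PATCHES already uses in this same commit ("unicorn_mode (modernized and updated by domenukk)"), so that a reader of the ChangeLog alone knows it is the afl-unicorn port.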
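Review bot: style consistency in the docs/PATCHES hunk: the neighbouring entries each carry an origin link and a verb ("+ instrim (https://github.com/csienslab/instrim) was integrated", "+ MOpt (github.com/puppet-meteor/MOpt-AFL) was imported"), while the new "+ unicorn_mode (modernized and updated by domenukk)" has neither. Suggest adding the upstream afl-unicorn link and "was integrated" so the list stays uniform and readers can find the original project.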
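Review bot: credit wording in the docs/README hunk disagrees with the other two files touched here: README says unicorn_mode was "provided by domenukk", PATCHES says "modernized and updated by domenukk", and unicorn_mode/README.md keeps "Created by Nathan Voss, originally funded by Battelle". Use the PATCHES wording in README so all three agree. Two further points in the same paragraph: "allows fuzzing of binaries from completely different platforms" should carry the prerequisite that unicorn_mode/README.md states ("any piece of binary that can be emulated by Unicorn Engine"), since a harness and emulatable code are required, and "various patches from forks that make it better :)" should point at the list ("see PATCHES") rather than leaving the reader to infer it from the following sentence.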
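Review bot: the changed TL;DR in docs/binaryonly_fuzzing.txt now advises "use both in parallel" (afl-dyninst and afl -Q qemu_mode) but gives no hint how. A single sentence would close the gap, e.g. one afl-fuzz -M instance on the afl-dyninst binary and -S instances with -Q on the original binary, all sharing one -o output directory so they sync their queues. While here, "afl -Q" is shorthand; the binary is afl-fuzz, and spelling it out avoids confusion for the first-time reader this TL;DR targets.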
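Review bot: grammar and layout in the new "Non-AFL solutions" section of docs/binaryonly_fuzzing.txt: "other are very slow" should be "others are very slow", "hard to set-up" should be "hard to set up" (verb), and "<please send me any missing that are good>" reads better as "<please send me any good ones that are missing>". The three blank lines before "That's it!" should collapse to one, matching the rest of the file. The S2E entry links the GitHub organization (https://github.com/S2E) rather than a repository, unlike the other two entries, so it should point at the actual project repository. Finally, "binary-only fuzzing frameworks" is a loose label for QSYM, Manticore and S2E, which are symbolic/concolic execution engines; the text's own "very slow but have good path discovery" describes that class, so consider saying "symbolic/concolic execution engines" in the intro.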
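Review bot: the new line "For the full readme please see docs/unicorn_mode.txt" in unicorn_mode/README.md points at a file that is not among the five files this commit touches (see the diffstat), and from unicorn_mode/README.md the relative path is ambiguous (unicorn_mode/docs/ or the top-level docs/). Confirm the file exists and write the path unambiguously, e.g. "../docs/unicorn_mode.txt" or "docs/unicorn_mode.txt in the repository root". In the same hunk, the retained help pointer says "the /doc/ directory", but the documentation directory in this repository is docs/ (again per the diffstat), so it should read "docs/". The line re-wrapping to about 80 columns and the fix for the missing trailing newline are fine.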