about summary refs log tree commit diff
path: root/docs/binaryonly_fuzzing.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/binaryonly_fuzzing.md')
-rw-r--r--docs/binaryonly_fuzzing.md28
1 files changed, 15 insertions, 13 deletions
diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md
index 90ea3b66..2c0872cf 100644
--- a/docs/binaryonly_fuzzing.md
+++ b/docs/binaryonly_fuzzing.md
@@ -96,12 +96,22 @@
    It is slower than AFL FRIDA (see above).
 
 
+## ZAFL
+  ZAFL is a static rewriting platform supporting x86-64 C/C++, stripped/unstripped, 
+  and PIE/non-PIE binaries. Beyond conventional instrumentation, ZAFL's API enables 
+  transformation passes (e.g., laf-Intel, context sensitivity, InsTrim, etc.).
+
+  Its baseline instrumentation speed typically averages 90-95% of afl-clang-fast's.
+
+  [https://git.zephyr-software.com/opensrc/zafl](https://git.zephyr-software.com/opensrc/zafl)
+
+
 ## DYNINST
 
   Dyninst is a binary instrumentation framework similar to Pintool and
   Dynamorio (see far below). However whereas Pintool and Dynamorio work at
   runtime, dyninst instruments the target at load time, and then let it run -
-  or save the  binary with the changes.
+  or save the binary with the changes.
   This is great for some things, e.g. fuzzing, and not so effective for others,
   e.g. malware analysis.
 
@@ -116,13 +126,10 @@
   The speed decrease is about 15-35%, depending on the optimization options
   used with afl-dyninst.
 
-  So if Dyninst works, it is the best option available. Otherwise it just
-  doesn't work well.
-
   [https://github.com/vanhauser-thc/afl-dyninst](https://github.com/vanhauser-thc/afl-dyninst)
 
 
-## RETROWRITE, ZAFL, ... other binary rewriter
+## RETROWRITE
 
   If you have an x86/x86_64 binary that still has its symbols, is compiled
   with position independant code (PIC/PIE) and does not use most of the C++
@@ -131,7 +138,6 @@
 
   It is at about 80-85% performance.
 
-  [https://git.zephyr-software.com/opensrc/zafl](https://git.zephyr-software.com/opensrc/zafl)
   [https://github.com/HexHive/retrowrite](https://github.com/HexHive/retrowrite)
 
 
@@ -169,13 +175,9 @@
 ## CORESIGHT
 
   Coresight is ARM's answer to Intel's PT.
-  There is no implementation so far which handles coresight and getting
-  it working on an ARM Linux is very difficult due to custom kernel building
-  on embedded systems is difficult. And finding one that has coresight in
-  the ARM chip is difficult too.
-  My guess is that it is slower than Qemu, but faster than Intel PT.
-
-  If anyone finds any coresight implementation for AFL please ping me: vh@thc.org
+  With afl++ v3.15 there is a coresight tracer implementation available in
+  `coresight_mode/` which is faster than QEMU, however can not run in parallel.
+  Currently only one process can be traced, it is WIP.
 
 
 ## PIN & DYNAMORIO
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-18 19:46:26 +0000