diff options
Diffstat (limited to 'frida_mode/test/cmplog')
| -rw-r--r-- | frida_mode/test/cmplog/GNUmakefile | 43 | ||||
| -rw-r--r-- | frida_mode/test/cmplog/Makefile | 12 | ||||
| -rw-r--r-- | frida_mode/test/cmplog/cmplog.c | 100 | 
3 files changed, 134 insertions, 21 deletions
| diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile index c203fc5e..40de6a09 100644 --- a/frida_mode/test/cmplog/GNUmakefile +++ b/frida_mode/test/cmplog/GNUmakefile @@ -2,8 +2,8 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../)/ BUILD_DIR:=$(PWD)build/ -TEST_CMPLOG_DIR:=$(ROOT)qemu_mode/libcompcov/ -TEST_CMPLOG_OBJ=$(TEST_CMPLOG_DIR)compcovtest +TEST_CMPLOG_SRC=$(PWD)cmplog.c +TEST_CMPLOG_OBJ=$(BUILD_DIR)compcovtest TEST_BIN:=$(PWD)../../build/test @@ -13,20 +13,14 @@ CMP_LOG_INPUT:=$(TEST_DATA_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -ARCH=$(shell uname -m) -ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000aaaaaaaaa000) -endif +.PHONY: all 32 clean qemu frida format -ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000555555554000) -endif - -.PHONY: all clean qemu frida - -all: +all: $(TEST_CMPLOG_OBJ) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -34,33 +28,42 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) mkdir -p $@ $(CMP_LOG_INPUT): | $(TEST_DATA_DIR) - truncate -s 64 $@ + echo -n "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" > $@ -$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_DIR)compcovtest.cc - make -C $(TEST_CMPLOG_DIR) compcovtest +$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_SRC) | $(BUILD_DIR) + $(CXX) -std=c++11 -g $(CFLAGS) $(LDFLAGS) $< -o $@ qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) $(ROOT)afl-fuzz \ - -D \ -Q \ -i $(TEST_DATA_DIR) \ -o $(QEMU_OUT) \ -c 0 \ -l 3AT \ + -Z \ -- \ $(TEST_CMPLOG_OBJ) @@ frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) - XAFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ $(ROOT)afl-fuzz \ - -D \ -O \ -i $(TEST_DATA_DIR) \ -o $(FRIDA_OUT) \ -c 0 \ -l 3AT \ + -Z \ -- \ $(TEST_CMPLOG_OBJ) @@ +debug: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --ex 'r $(CMP_LOG_INPUT)' \ + --args $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + clean: - rm -rf $(BUILD_DIR) \ No newline at end of file + rm -rf $(BUILD_DIR) + +format: + cd $(ROOT) && echo $(TEST_CMPLOG_SRC) | xargs -L1 ./.custom-format.py -i diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile index f322d1f5..606b43a5 100644 --- a/frida_mode/test/cmplog/Makefile +++ b/frida_mode/test/cmplog/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,10 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida + +format: + @gmake format + +debug: + @gmake debug diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c new file mode 100644 index 00000000..99010645 --- /dev/null +++ b/frida_mode/test/cmplog/cmplog.c @@ -0,0 +1,100 @@ +///////////////////////////////////////////////////////////////////////// +// +// Author: Mateusz Jurczyk (mjurczyk@google.com) +// +// Copyright 2019-2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// solution: echo -ne 'The quick brown fox jumps over the lazy +// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest + +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +int main(int argc, char **argv) { + + char buffer[44] = {/* zero padding */}; + + FILE *file = stdin; + + if (argc > 1) { + + if ((file = fopen(argv[1], "r")) == NULL) { + + perror(argv[1]); + exit(-1); + + } + + } + + fread(buffer, 1, sizeof(buffer) - 1, file); + + if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || + strncmp(&buffer[20], "jumps over ", 11) != 0 || + strcmp(&buffer[31], "the lazy dog") != 0) { + + if (argc > 1) { fclose(file); } + return 1; + + } + +#if defined(__x86_64__) + uint64_t x = 0; + fread(&x, sizeof(x), 1, file); + if (x != 0xCAFEBABECAFEBABE) { + + if (argc > 1) { fclose(file); } + return 2; + + } + +#endif + + uint32_t y = 0; + fread(&y, sizeof(y), 1, file); + + if (y != 0xDEADC0DE) { + + if (argc > 1) { fclose(file); } + return 3; + + } + + uint16_t z = 0; + fread(&z, sizeof(z), 1, file); + + switch (z) { + + case 0xBEEF: + break; + + default: + if (argc > 1) { fclose(file); } + return 4; + + } + + printf("Puzzle solved, congrats!\n"); + abort(); + + if (argc > 1) { fclose(file); } + + return 0; + +} + | 
