diff options
Diffstat (limited to 'qemu_mode')
| -rw-r--r-- | qemu_mode/libcompcov/Makefile | 7 | ||||
| -rw-r--r-- | qemu_mode/libcompcov/compcovtest.cc | 63 | ||||
| -rw-r--r-- | qemu_mode/libcompcov/libcompcov.so.c | 11 | 
3 files changed, 79 insertions, 2 deletions
| diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile index 5f4a33c6..c984588b 100644 --- a/qemu_mode/libcompcov/Makefile +++ b/qemu_mode/libcompcov/Makefile @@ -22,7 +22,7 @@ CFLAGS ?= -O3 -funroll-loops CFLAGS += -Wall -Wno-unused-result -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign LDFLAGS += -ldl -all: libcompcov.so +all: libcompcov.so compcovtest libcompcov.so: libcompcov.so.c ../../config.h $(CC) $(CFLAGS) -shared -fPIC $< -o $@ $(LDFLAGS) @@ -31,7 +31,10 @@ libcompcov.so: libcompcov.so.c ../../config.h clean: rm -f *.o *.so *~ a.out core core.[1-9][0-9]* - rm -f libcompcov.so + rm -f libcompcov.so compcovtest + +compcovtest: compcovtest.cc + $(CXX) $< -o $@ install: all install -m 755 libcompcov.so $${DESTDIR}$(HELPER_PATH) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc new file mode 100644 index 00000000..fd1fda00 --- /dev/null +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -0,0 +1,63 @@ +///////////////////////////////////////////////////////////////////////// +// +// Author: Mateusz Jurczyk (mjurczyk@google.com) +// +// Copyright 2019 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// solution: echo -ne 'The quick brown fox jumps over the lazy dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest + +#include <cstdint> +#include <cstdio> +#include <cstdlib> +#include <cstring> + +int main() { + char buffer[44] = { /* zero padding */ }; + fread(buffer, 1, sizeof(buffer) - 1, stdin); + + if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || + strncmp(&buffer[20], "jumps over ", 11) != 0 || + strcmp(&buffer[31], "the lazy dog") != 0) { + return 1; + } + + uint64_t x = 0; + fread(&x, sizeof(x), 1, stdin); + if (x != 0xCAFEBABECAFEBABE) { + return 2; + } + + uint32_t y = 0; + fread(&y, sizeof(y), 1, stdin); + if (y != 0xDEADC0DE) { + return 3; + } + + uint16_t z = 0; + fread(&z, sizeof(z), 1, stdin); + + switch (z) { + case 0xBEEF: + break; + + default: + return 4; + } + + printf("Puzzle solved, congrats!\n"); + abort(); + return 0; +} diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c index 19eb821e..582230db 100644 --- a/qemu_mode/libcompcov/libcompcov.so.c +++ b/qemu_mode/libcompcov/libcompcov.so.c @@ -51,6 +51,8 @@ static int (*__libc_strcasecmp)(const char*, const char*); static int (*__libc_strncasecmp)(const char*, const char*, size_t); static int (*__libc_memcmp)(const void*, const void*, size_t); +static int debug_fd = -1; + static size_t __strlen2(const char *s1, const char *s2, size_t max_length) { // from https://github.com/googleprojectzero/CompareCoverage @@ -118,6 +120,12 @@ static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) { size_t i; + if (debug_fd != 1) { + char debugbuf[4096]; + snprintf(debugbuf, sizeof(debugbuf), "0x%llx %s %s %lu\n", cur_loc, v0 == NULL ? "(null)" : (char*)v0, v1 == NULL ? "(null)" : (char*)v1, n); + write(debug_fd, debugbuf, strlen(debugbuf)); + } + for (i = 0; i < n && v0[i] == v1[i]; ++i) { __compcov_afl_map[cur_loc +i]++; @@ -262,6 +270,9 @@ int memcmp(const void* mem1, const void* mem2, size_t len) { __attribute__((constructor)) void __compcov_init(void) { + if (getenv("AFL_QEMU_COMPCOV_DEBUG") != NULL) + debug_fd = open("compcov.debug", O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, 0644); + __compcov_load(); } | 
