Diffstat (limited to 'qemu_taint')

-rw-r--r--  qemu_taint/README.md            42
-rwxr-xr-x  qemu_taint/build_qemu_taint.sh   7
-rwxr-xr-x  qemu_taint/clean.sh              3

3 files changed, 0 insertions, 52 deletions
diff --git a/qemu_taint/README.md b/qemu_taint/README.md
deleted file mode 100644
index 6a7d19af..00000000
--- a/qemu_taint/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# qemu_taint
-
-First level taint implementation with qemu for linux user mode
-
-**THIS IS NOT WORKING YET** **WIP**
-
-## What is this for
-
-On new queue entries (newly discovered paths into the target) this tainter
-is run with the new input and the data gathered which bytes in the input
-file are actually touched.
-
-Only touched bytes are then fuzzed by afl-fuzz
-
-## How to build
-
-./build_qemu_taint.sh
-
-## How to use
-
-Add the -A flag to afl-fuzz
-
-## Caveats
-
-For some targets this is amazing and improves fuzzing a lot, but if a target
-copies all input bytes first (e.g. for creating a crc checksum or just to
-safely work with the data), then this is not helping at all.
-
-## Future
-
-Two fuzz modes for a queue entry which will be switched back and forth:
-
-  1. fuzz all touched bytes
-  2. fuzz only bytes that are newly touched (compared to the one this queue
-     entry is based on)
-
-## TODO
-
-  * Direct trim: trim to highest touched byte, that is all we need to do
-  * add 5-25% dummy bytes to the queue entries? (maybe create a 2nd one?)
-  * Disable trim?
-
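Review bot: deleting this README removes the only documentation of the `-A` afl-fuzz flag (`-Add the -A flag to afl-fuzz`) and of the `afl-qemu-taint` tool it drives; confirm that the `-A` option handling and its usage/help text in afl-fuzz are removed in the same change, or note in the commit message that the flag is intentionally left in place, otherwise the option survives with no description of what it does. Since the file itself states `**THIS IS NOT WORKING YET** **WIP**`, it would also help to say in the commit message whether the taint feature is being abandoned or merely moved, so the `## Future` and `## TODO` items here are not silently lost.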
diff --git a/qemu_taint/build_qemu_taint.sh b/qemu_taint/build_qemu_taint.sh
deleted file mode 100755
index b54c3e04..00000000
--- a/qemu_taint/build_qemu_taint.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-test -d qemu ||  git clone https://github.com/vanhauser-thc/qemu_taint qemu || exit 1
-cd qemu || exit 1
-test -d .git && { git stash ; git pull ; }
-cp -fv ../../include/config.h ../../include/types.h . || exit 1
-./build.sh || exit 1
-cp -fv ./afl-qemu-taint ../..
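Review bot: with this script gone, the `afl-qemu-taint` binary it installed two levels up (`-cp -fv ./afl-qemu-taint ../..`) can no longer be rebuilt; if any Makefile target, `.gitignore` entry or install rule still names `afl-qemu-taint`, or still expects `include/config.h` and `include/types.h` to be copied into a `qemu` checkout, remove those references in the same change so the tree does not keep a build rule for a tool that no longer exists.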
diff --git a/qemu_taint/clean.sh b/qemu_taint/clean.sh
deleted file mode 100755
index 10c44cac..00000000
--- a/qemu_taint/clean.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-rm -f afl-qemu-taint qemu/afl-qemu-taint ../afl-qemu-taint
-test -d qemu && { cd qemu ; ./clean.sh ; }
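Review bot: removing clean.sh leaves nothing that deletes a previously built `afl-qemu-taint` (in this directory, in `qemu/`, and one level up, per `-rm -f afl-qemu-taint qemu/afl-qemu-taint ../afl-qemu-taint`) or the cloned `qemu/` checkout; either fold these paths into the top-level clean target or state in the commit message that developers with an existing checkout must remove `qemu_taint/qemu` and the stray `afl-qemu-taint` binaries by hand.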