From fb0181f5bc8c258fedc7c9cf2c933287e00d2ec5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 10 Aug 2020 00:53:50 +0200 Subject: readme --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index e4271bb0..23b71c8e 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,24 @@ +# qemu_taint variant. + +CAVEATS: + + * shmem persistent mode does not work + * custom mutators? dunno if they work or not + * MOpt works but totally ignores the taint information + * not tested with qemu_mode + * if all seed entries are fully touched it might not work + +taint can be seen in out/taint/ + +the id:000 mirrors the out/queue entry, except the content it 0x00 for +untainted bytes and '!' for tainted bytes. +If a file has new tainted bytes compared to from which previous entry it +was created then there is a id:000[...].new file where the new bytes are +marked '!'. + +the mutation switches between fuzzing all tainted bytes in one cycle and +only new bytes in the other cycle. + # American Fuzzy Lop plus plus (afl++) AFL++ Logo -- cgit 1.4.1
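Review bot: the added README text has wording defects that should be fixed before merging: "the content it 0x00 for untainted bytes" should read "the content is 0x00 for untainted bytes", and "compared to from which previous entry it was created" is hard to parse (suggest "compared to the queue entry it was derived from"). The new heading "# qemu_taint variant." carries a trailing period and is inserted at the same level as the existing "# American Fuzzy Lop plus plus (afl++)" title, so the rendered page now has two top-level titles; a second-level heading placed under the main title would keep the document structure intact. The caveat "custom mutators? dunno if they work or not" states no tested fact, so it would be clearer as "custom mutators are untested", matching the style of "not tested with qemu_mode". Finally, the description of out/taint/ should say what "[...]" in "id:000[...].new" stands for (the rest of the queue filename) so readers can match taint files to queue entries.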