From 7c8d8233966c5f3009710efeb9c9efb50015ebbb Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Thu, 9 Jul 2020 12:07:29 +0200
Subject: dockerfile updates
---
 Dockerfile | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
(limited to 'Dockerfile')
diff --git a/Dockerfile b/Dockerfile
index 905e8265..0b1645b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@
 # has focal has gcc-10 but not g++-10 ...
 #
-FROM ubuntu:20.04
+FROM ubuntu:20.04 AS aflplusplus
 MAINTAINER afl++ team
 LABEL "about"="AFLplusplus docker image"
@@ -20,7 +20,7 @@ RUN apt-get update && apt-get upgrade -y && \
 python3 python3-dev python3-setuptools python-is-python3 \
 libtool libtool-bin \
 libglib2.0-dev \
- wget vim jupp nano \
+ wget vim jupp nano bash-completion \
 apt-utils apt-transport-https ca-certificates gnupg dialog \
 libpixman-1-dev
@@ -46,17 +46,15 @@ RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 0
 RUN rm -rf /var/cache/apt/archives/*
-ARG CC=gcc-10
-ARG CXX=g++-10
-ARG LLVM_CONFIG=llvm-config-11
+ENV LLVM_CONFIG=llvm-config-11
+ENV AFL_SKIP_CPUFREQ=1
-RUN git clone https://github.com/AFLplusplus/AFLplusplus
-RUN cd AFLplusplus && export REAL_CXX=g++-10 && make distrib && \
- make install && make clean
+RUN git clone https://github.com/AFLplusplus/AFLplusplus /AFLplusplus
+RUN cd /AFLplusplus && export REAL_CXX=g++-10 && export CC=gcc-10 && \
+ export CXX=g++-10 && make distrib && make install && make clean
-RUN git clone https://github.com/vanhauser-thc/afl-cov afl-cov
-RUN cd afl-cov && make install
+RUN git clone https://github.com/vanhauser-thc/afl-cov /afl-cov
+RUN cd /afl-cov && make install
 RUN echo 'alias joe="jupp --wordwrap"' >> ~/.bashrc
-ENV AFL_SKIP_CPUFREQ=1
-- 
cgit 1.4.1
From a74ec89461929e8521cc2285be6d96c5abac8462 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Fri, 31 Jul 2020 15:37:50 +0200
Subject: fixed dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'Dockerfile')
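Review bot: The `MAINTAINER` line directly under the changed `FROM` is a deprecated instruction (hadolint DL4000); the `LABEL` on the following line already exists, so the maintainer belongs there, e.g. `LABEL "about"="AFLplusplus docker image" "maintainer"="afl++ team"`. The new stage name `AS aflplusplus` is not referenced by any `COPY --from` anywhere in this series, so it only serves `docker build --target`; a short comment saying so would stop readers looking for the second stage. `FROM ubuntu:20.04` is tag-pinned but not digest-pinned, and together with the `apt-get upgrade -y` visible in the next hunk's header the image content changes on every rebuild; `FROM ubuntu:20.04@sha256:<digest>` (placeholder) makes rebuilds reproducible.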
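Review bot: `bash-completion` is appended to an apt package list that carries no version pins, so each rebuild installs whatever focal serves at that moment (hadolint DL3008); at least the toolchain packages should be pinned, and a comment such as `# interactive helpers (editors, completion); deliberately unpinned` would document why the rest is not. The enclosing `RUN` starts above the hunk (`apt-get update && apt-get upgrade -y && \` in the header) and ends below it, so whether `--no-install-recommends` and a `rm -rf /var/lib/apt/lists/*` cleanup are present cannot be judged from here.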
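Review bot: Both new `RUN git clone` lines fetch the default branch at whatever commit exists at build time, so two builds of the same Dockerfile can contain different code and the image cannot be reproduced or audited; pin a tag or commit (`git clone --branch <tag> --depth 1 …`, or `git checkout <commit>` right after the clone). `RUN cd /AFLplusplus && …` and `RUN cd /afl-cov && …` should use `WORKDIR /AFLplusplus` instead of `cd` (hadolint DL3003), which also makes the path the default for later instructions. The `RUN rm -rf /var/cache/apt/archives/*` context line runs in its own layer, so it does not reduce the image size; cleanup belongs in the same `RUN` as the install.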
diff --git a/Dockerfile b/Dockerfile
index 0b1645b4..4026f105 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && apt-get upgrade -y && \
 apt-utils apt-transport-https ca-certificates gnupg dialog \
 libpixman-1-dev
-RUN echo deb http://apt.llvm.org/focal/ llvm-toolchain-focal main >> /etc/apt/sources.list && \
+RUN echo deb http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main >> /etc/apt/sources.list && \
 wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
 RUN echo deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal main >> /etc/apt/sources.list && \
-- 
cgit 1.4.1
From 071fcac430dea6208bdb80ff55acb8428b273a20 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Fri, 31 Jul 2020 15:55:48 +0200
Subject: building docker from cloned repo
---
 .dockerignore | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Dockerfile | 10 +++++----
 2 files changed, 71 insertions(+), 4 deletions(-)
 create mode 100644 .dockerignore
(limited to 'Dockerfile')
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..d05bf1c6
--- /dev/null
+++ b/.dockerignore
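Review bot: The unchanged second line of this `RUN` pipes the signing-key download into `apt-key add -` under `/bin/sh -c`, where the pipeline's exit status is that of `apt-key` alone, so a failed or truncated `wget` does not by itself fail the build (hadolint DL4006); `apt-key` may still reject empty input, but the build should not depend on that. Add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before the `RUN`, or download the key to a file first and import it in a second step so each failure is visible. `apt-key` is also deprecated on newer releases; placing the key under `/usr/share/keyrings` and using `[signed-by=…]` in the `deb` line avoids a breakage when the base image is bumped. The `RUN` continues past the hunk's last line.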
@@ -0,0 +1,65 @@
+.test
+.test2
+.sync_tmp
+*.o
+*.so
+*.pyc
+*.dSYM
+as
+ld
+in
+out
+core*
+afl-analyze
+afl-as
+afl-clang
+afl-clang\+\+
+afl-clang-fast
+afl-clang-fast\+\+
+afl-clang-lto
+afl-clang-lto\+\+
+afl-fuzz
+afl-g\+\+
+afl-gcc
+afl-gcc-fast
+afl-g\+\+-fast
+afl-gotcpu
+afl-ld
+afl-ld-lto
+afl-qemu-trace
+afl-showmap
+afl-tmin
+afl-analyze.8
+afl-as.8
+afl-clang-fast\+\+.8
+afl-clang-fast.8
+afl-clang-lto.8
+afl-clang-lto\+\+.8
+afl-cmin.8
+afl-cmin.bash.8
+afl-fuzz.8
+afl-gcc.8
+afl-gcc-fast.8
+afl-g\+\+-fast.8
+afl-gotcpu.8
+afl-plot.8
+afl-showmap.8
+afl-system-config.8
+afl-tmin.8
+afl-whatsup.8
+qemu_mode/libcompcov/compcovtest
+qemu_mode/qemu-*
+unicorn_mode/samples/*/\.test-*
+unicorn_mode/samples/*/output
+unicorn_mode/unicornafl
+test/unittests/unit_maybe_alloc
+test/unittests/unit_preallocable
+test/unittests/unit_list
+test/unittests/unit_rand
+test/unittests/unit_hash
+examples/afl_network_proxy/afl-network-server
+examples/afl_network_proxy/afl-network-client
+examples/afl_frida/afl-frida
+examples/afl_frida/libtestinstr.so
+examples/afl_frida/frida-gum-example.c
+examples/afl_frida/frida-gum.h
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 4026f105..4d9f6e84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -49,12 +49,14 @@ RUN rm -rf /var/cache/apt/archives/*
 ENV LLVM_CONFIG=llvm-config-11
 ENV AFL_SKIP_CPUFREQ=1
-RUN git clone https://github.com/AFLplusplus/AFLplusplus /AFLplusplus
-RUN cd /AFLplusplus && export REAL_CXX=g++-10 && export CC=gcc-10 && \
- export CXX=g++-10 && make distrib && make install && make clean
-
 RUN git clone https://github.com/vanhauser-thc/afl-cov /afl-cov
 RUN cd /afl-cov && make install
+COPY . /AFLplusplus
+WORKDIR /AFLplusplus
+
+RUN export REAL_CXX=g++-10 && export CC=gcc-10 && \
+ export CXX=g++-10 && make clean && make distrib && make install && make clean
+
 RUN echo 'alias joe="jupp --wordwrap"' >> ~/.bashrc
-- 
cgit 1.4.1
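Review bot: `.git` is missing from the ignore list, so the `COPY . /AFLplusplus` introduced by the same commit (Dockerfile hunk below) copies the full repository history and any untracked files lying in the checkout into the image layer; add `.git` near the top of the file. The list also ends without a trailing newline (`\ No newline at end of file`), which is harmless but makes every later append show up as a two-line change.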
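Review bot: The image can no longer be built from the Dockerfile alone — `COPY . /AFLplusplus` requires the build context to be an AFL++ checkout — but nothing in the file says so; add a comment above the `COPY`, e.g. `# build from a repository checkout: docker build -t aflplusplus .` and mention that `.dockerignore` decides what is copied. `make clean` before `make distrib` presumably guards against host build artifacts in the context; a one-line comment such as `# drop host-built objects the context may contain` would make that intent clear. The afl-cov clone in the context lines remains unpinned; that is unchanged by this commit but worth a follow-up.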
From f335c48686c2f4119d1d0b1207f5d5ceb3d4ff04 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 3 Aug 2020 11:50:10 +0200
Subject: better PS1 in dockerfile
---
 Dockerfile | 8 +++++---
 TODO.md | 12 ++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
(limited to 'Dockerfile')
diff --git a/Dockerfile b/Dockerfile
index 4d9f6e84..64b04ba6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -50,13 +50,15 @@ ENV LLVM_CONFIG=llvm-config-11
 ENV AFL_SKIP_CPUFREQ=1
 RUN git clone https://github.com/vanhauser-thc/afl-cov /afl-cov
-RUN cd /afl-cov && make install
+RUN cd /afl-cov && make install && cd ..
 COPY . /AFLplusplus
 WORKDIR /AFLplusplus
 RUN export REAL_CXX=g++-10 && export CC=gcc-10 && \
- export CXX=g++-10 && make clean && make distrib && make install && make clean
+ export CXX=g++-10 && make clean && \
+ make distrib && make install && make clean
 RUN echo 'alias joe="jupp --wordwrap"' >> ~/.bashrc
-
+RUN echo 'export PS1="[afl++]$PS1"' >> ~/.bashrc
+ENV IS_DOCKER="1"
diff --git a/TODO.md b/TODO.md
index 3e55f2f1..999cb9d3 100644
--- a/TODO.md
+++ b/TODO.md
@@ -30,3 +30,15 @@ qemu_mode: persistent mode
 - add/implement AFL_QEMU_INST_LIBLIST and AFL_QEMU_NOINST_PROGRAM
 - add/implement AFL_QEMU_INST_REGIONS as a list of _START/_END addresses
+
+## Ideas
+
+ - LTO/sancov: write current edge to prev_loc and use that information when
+ using cmplog or __sanitizer_cov_trace_cmp*. maybe we can deduct by follow
+ up edge numbers that both following cmp paths have been found and then
+ disable working on this edge id
+
+ - new tancov: use some lightweight taint analysis to see which parts of a
+ new queue entry is accessed and only fuzz these bytes - or better, only
+ fuzz those bytes that are newly in coverage compared to the queue entry
+ the new one is based on
-- 
cgit 1.4.1
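Review bot: The `&& cd ..` added to the afl-cov `RUN` has no effect: every `RUN` starts a fresh shell in the current `WORKDIR`, so the directory change never outlives the instruction and the following `COPY`/`WORKDIR` lines behave the same with or without it. Drop it, or replace `cd /afl-cov` with `WORKDIR /afl-cov` (hadolint DL3003) ahead of the existing `WORKDIR /AFLplusplus`. The hunk also appears to reach the end of the file with `ENV IS_DOCKER="1"`, and there is still no `USER` and no `ENTRYPOINT`/`CMD`, so the container inherits the base image's default command and runs as root; if that is intended for an interactive fuzzing image, say so in a comment at the end of the file, otherwise add a non-root `USER` there.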