From 781725aeafcbd6c6393f86b2c9961773a6f24428 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 29 Apr 2020 02:54:57 +0200 Subject: added afl-proxy to examples --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index dadfa7e0..dd408bd0 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -28,6 +28,8 @@ sending a mail to . - unicorn_mode: - better submodule handling - afl-showmap: fix for -Q mode + - added examples/afl-proxy which can be easily used to fuzz and instrument + non-standard things - all: - forkserver communication now also used for error reporting - fix 32 bit build options -- cgit v1.2.3 From bc2e65e4821ef4b8fbc33be6c705adfa1c32e02f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 29 Apr 2020 15:18:03 +0200 Subject: added afl_network_proxy --- docs/Changelog.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index dd408bd0..faf015c6 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -28,7 +28,10 @@ sending a mail to . - unicorn_mode: - better submodule handling - afl-showmap: fix for -Q mode - - added examples/afl-proxy which can be easily used to fuzz and instrument + - added examples/afl_network_proxy which allows to fuzz a target over the + network (not fuzzing tcp/ip services but running afl-fuzz on one system + and the target being on an embedded device) + - added examples/afl_proxy which can be easily used to fuzz and instrument non-standard things - all: - forkserver communication now also used for error reporting -- cgit v1.2.3 From efa9df24c2a5f97c212a5a22dda19dcbbab0b5de Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 30 Apr 2020 17:59:59 +0200 Subject: afl-untracer completed --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index faf015c6..565bee72 100644 --- a/docs/Changelog.md 
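Review bot: the added changelog entry `added examples/afl-proxy which can be easily used to fuzz and instrument non-standard things` does not say what afl-proxy is or what the user has to implement to use it; "non-standard things" should be replaced with a short statement of what the proxy mediates between afl-fuzz and the target, so a reader can tell from the changelog whether it applies to them. Also confirm that `afl-proxy` is the directory name actually added under examples/, since the entry is the only place the name is recorded.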
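Review bot: the `-`/`+` pair at the bottom of the afl_network_proxy hunk silently rewrites the previous entry from `examples/afl-proxy` to `examples/afl_proxy` while the subject only says "added afl_network_proxy"; either mention the rename in the commit message or split it into its own commit, since anyone following the earlier entry will otherwise look for a directory that no longer exists under that name. For the new entry itself, the parenthetical (afl-fuzz on one system, the target on an embedded device) is the part that explains the tool; consider leading with that use case and stating what the proxy carries over the network, instead of opening with what it is not.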
+++ b/docs/Changelog.md @@ -31,6 +31,8 @@ sending a mail to . - added examples/afl_network_proxy which allows to fuzz a target over the network (not fuzzing tcp/ip services but running afl-fuzz on one system and the target being on an embedded device) + - added examples/afl_untracer which does a binary-only fuzzing with the + modifications done in memory - added examples/afl_proxy which can be easily used to fuzz and instrument non-standard things - all: -- cgit v1.2.3 From 378573ab8b2f9b150429503c649e86e0fed4e946 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 2 May 2020 00:39:13 +0200 Subject: AFL_LLVM_SKIP_NEVERZERO added --- docs/Changelog.md | 3 +++ docs/env_variables.md | 4 ++++ 2 files changed, 7 insertions(+) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index 565bee72..cae99681 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,6 +20,9 @@ sending a mail to . address for the shared memory map is used as this increases the fuzzing speed - fixes to LTO mode if instrumented edges > MAP_SIZE + - added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter + implmentation. For targets with little or no loops or heavy called + functions. Gives a small performance boost. - qemu_mode: - add information on PIE/PIC load addresses for 32 bit - better dependency checks diff --git a/docs/env_variables.md b/docs/env_variables.md index 41c8f12a..bdbb8520 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -204,6 +204,10 @@ Then there are a few specific features that are only available in llvm_mode: slowdown due a performance issue that is only fixed in llvm 9+. This feature increases path discovery by a little bit. + - Setting AFL_LLVM_SKIP_NEVERZERO=1 will not implement the skip zero + test. If the target performs only few loops then this will give a + small performance boost. + See llvm_mode/README.neverzero.md ### CMPLOG -- cgit v1.2.3 From 16c16b3e6e0cd678f5da76f757761fb821f1011f Mon Sep 17 00:00:00 2001 
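Review bot: grammar in the afl_untracer entry: `does a binary-only fuzzing with the modifications done in memory` should read `does binary-only fuzzing, with the modifications made in memory`. More importantly, "modifications" is unexplained; say what is modified in memory (the target's code, to obtain coverage without a tracer) so the entry is distinguishable from the `afl_proxy` entry two lines below, which also targets non-standard setups.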
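Review bot: typos in the AFL_LLVM_SKIP_NEVERZERO changelog entry: `implmentation` should be `implementation`, `heavy called functions` should be `heavily called functions`, and `little or no loops` should be `few or no loops`. The entry also records only the upside (`Gives a small performance boost.`); state what is given up when the never-zero counter handling is skipped, so a user can judge whether the trade is right for their target rather than enabling it purely for speed.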
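Review bot: in the env_variables.md hunk the sentence `Setting AFL_LLVM_SKIP_NEVERZERO=1 will not implement the skip zero test` is confusing and uses different terminology from the changelog's "never zero coverage counter"; say directly that setting it disables the NeverZero counter handling described in llvm_mode/README.neverzero.md. Since this is a negative toggle (setting the variable turns a feature off), also spell out the default, i.e. that NeverZero stays active unless the variable is set, to avoid a double-negative reading.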
From: van Hauser Date: Mon, 4 May 2020 18:01:47 +0200 Subject: ctx and ngram can be used together now --- docs/Changelog.md | 1 + docs/env_variables.md | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index cae99681..8c0624b6 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,6 +20,7 @@ sending a mail to . address for the shared memory map is used as this increases the fuzzing speed - fixes to LTO mode if instrumented edges > MAP_SIZE + - CTX and NGRAM can now be used together - added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter implmentation. For targets with little or no loops or heavy called functions. Gives a small performance boost. diff --git a/docs/env_variables.md b/docs/env_variables.md index bdbb8520..ab5808ec 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -97,12 +97,14 @@ Then there are a few specific features that are only available in llvm_mode: - AFL_LLVM_INSTRUMENT - this configures the instrumentation mode. Available options: - DEFAULT - classic AFL (map[cur_loc ^ prev_loc >> 1]++) + CLASSIC - classic AFL (map[cur_loc ^ prev_loc >> 1]++) (default) CFG - InsTrim instrumentation (see below) LTO - LTO instrumentation (see below) CTX - context sensitive instrumentation (see below) NGRAM-x - deeper previous location coverage (from NGRAM-2 up to NGRAM-16) - Only one can be used. + In CLASSIC (default) can can also specify CTX and/nor NGRAM, seperate + the options with a comma "," then, e.g.: + AFL_LLVM_INSTRUMENT=CLASSIC,CTX,NGRAM-4 ### LTO -- cgit v1.2.3 From 6e45e55d82eeed2075579a530f5aeea8d00af55b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 5 May 2020 10:38:44 +0200 Subject: fix crash in AFL_LLVM_LAF_TRANSFORM_COMPARES --- docs/Changelog.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index 8c0624b6..ac68e8ff 100644 --- a/docs/Changelog.md 
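Review bot: the env_variables.md hunk removes `Only one can be used.` without replacing it for the modes where the restriction still holds; after this change only CLASSIC is said to accept CTX and NGRAM, so state explicitly that CFG and LTO still take a single mode (or whatever the actual rule is). Renaming `DEFAULT` to `CLASSIC` in the option list also raises whether `AFL_LLVM_INSTRUMENT=DEFAULT` is still accepted; if it is, keep it listed as an alias, and if not, record the change in the changelog. Typos in the added lines: `can can` should be `you can`, `and/nor` should be `and/or`, `seperate` should be `separate`.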
+++ b/docs/Changelog.md @@ -21,6 +21,7 @@ sending a mail to . fuzzing speed - fixes to LTO mode if instrumented edges > MAP_SIZE - CTX and NGRAM can now be used together + - AFL_LLVM_LAF_TRANSFORM_COMPARES would sometimes crash, fixed - added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter implmentation. For targets with little or no loops or heavy called functions. Gives a small performance boost. -- cgit v1.2.3 From d6346561dbe2a00472eda76e8a1276b77e0f67a7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 5 May 2020 15:37:02 +0200 Subject: ctx+ngram for instrim --- docs/Changelog.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index ac68e8ff..e4ac8783 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -21,7 +21,8 @@ sending a mail to . fuzzing speed - fixes to LTO mode if instrumented edges > MAP_SIZE - CTX and NGRAM can now be used together - - AFL_LLVM_LAF_TRANSFORM_COMPARES would sometimes crash, fixed + - CTX and NGRAM are now also supported in CFG/INSTRIM mode + - AFL_LLVM_LAF_TRANSFORM_COMPARES could, fixed - added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter implmentation. For targets with little or no loops or heavy called functions. Gives a small performance boost. -- cgit v1.2.3 From ad3960580d4b462e53c98f82283cd11037558642 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 5 May 2020 20:19:04 +0200 Subject: fixed typos --- docs/Changelog.md | 4 ++-- docs/env_variables.md | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index e4ac8783..54564a5d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md 
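Review bot: the `-`/`+` pair at the end of the "ctx+ngram for instrim" hunk damages an unrelated entry: `AFL_LLVM_LAF_TRANSFORM_COMPARES would sometimes crash, fixed` becomes `AFL_LLVM_LAF_TRANSFORM_COMPARES could, fixed`, which no longer says what was fixed. This commit should only add the `CTX and NGRAM are now also supported in CFG/INSTRIM mode` line; restore the previous wording of the crash entry (or at minimum write `could crash, fixed`).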
@@ -22,9 +22,9 @@ sending a mail to . - fixes to LTO mode if instrumented edges > MAP_SIZE - CTX and NGRAM can now be used together - CTX and NGRAM are now also supported in CFG/INSTRIM mode - - AFL_LLVM_LAF_TRANSFORM_COMPARES could, fixed + - AFL_LLVM_LAF_TRANSFORM_COMPARES could crash, fixed - added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter - implmentation. For targets with little or no loops or heavy called + implementation. For targets with few or no loops or heavily called functions. Gives a small performance boost. - qemu_mode: - add information on PIE/PIC load addresses for 32 bit diff --git a/docs/env_variables.md b/docs/env_variables.md index ab5808ec..ed81c8a3 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -102,9 +102,10 @@ Then there are a few specific features that are only available in llvm_mode: LTO - LTO instrumentation (see below) CTX - context sensitive instrumentation (see below) NGRAM-x - deeper previous location coverage (from NGRAM-2 up to NGRAM-16) - In CLASSIC (default) can can also specify CTX and/nor NGRAM, seperate - the options with a comma "," then, e.g.: - AFL_LLVM_INSTRUMENT=CLASSIC,CTX,NGRAM-4 + In CLASSIC (default) and CFG/INSTRIM you can also specify CTX and/or + NGRAM, seperate the options with a comma "," then, e.g.: + AFL_LLVM_INSTRUMENT=CFG,CTX,NGRAM-4 + Not that this is a good idea to use both CTX and NGRAM :) ### LTO -- cgit v1.2.3
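Review bot: `seperate` survives this "fixed typos" commit in the added line `NGRAM, seperate the options with a comma ","`. The new line `Not that this is a good idea to use both CTX and NGRAM :)` is easy to misread as a typo for "Note that this is a good idea", which inverts the intended meaning; say plainly that combining CTX and NGRAM is accepted but not recommended, and drop the smiley from reference documentation. The example was also changed from `CLASSIC,CTX,NGRAM-4` to `CFG,CTX,NGRAM-4`; since the surrounding text names both CLASSIC (the default) and CFG/INSTRIM as accepting these options, an example for each base mode would make the syntax unambiguous.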