From b8d3a97a4f460b4e7919aa3f558d2a4d21a6b199 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 1 Sep 2020 13:08:32 +0200 Subject: build with qemuafl --- qemu_mode/build_qemu_support.sh | 99 ++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 66 deletions(-) (limited to 'qemu_mode/build_qemu_support.sh') diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 30ac158f..5d9f5be7 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -29,13 +29,10 @@ # will be written to ../afl-qemu-trace. # - -VERSION="3.1.1" -QEMU_URL="http://download.qemu-project.org/qemu-${VERSION}.tar.xz" -QEMU_SHA384="28ff22ec4b8c957309460aa55d0b3188e971be1ea7dfebfb2ecc7903cd20cfebc2a7c97eedfcc7595f708357f1623f8b" +QEMUAFL_VERSION="$(cat ./QEMUAFL_VERSION)" echo "=================================================" -echo "AFL binary-only instrumentation QEMU build script" +echo " QemuAFL build script" echo "=================================================" echo @@ -48,7 +45,7 @@ if [ ! "`uname -s`" = "Linux" ]; then fi -if [ ! -f "patches/afl-qemu-cpu-inl.h" -o ! -f "../config.h" ]; then +if [ ! -f "../config.h" ]; then echo "[-] Error: key files not found - wrong working directory?" exit 1 @@ -111,41 +108,38 @@ fi echo "[+] All checks passed!" -ARCHIVE="`basename -- "$QEMU_URL"`" - -CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1` - -if [ ! "$CKSUM" = "$QEMU_SHA384" ]; then - - echo "[*] Downloading QEMU ${VERSION} from the web..." - rm -f "$ARCHIVE" - OK= - while [ -z "$OK" ]; do - wget -c -O "$ARCHIVE" -- "$QEMU_URL" && OK=1 - done - - CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1` - -fi - -if [ "$CKSUM" = "$QEMU_SHA384" ]; then - - echo "[+] Cryptographic signature on $ARCHIVE checks out." +echo "[*] Making sure qemuafl is checked out" +git status 1>/dev/null 2>/dev/null +if [ $? -eq 0 ]; then + echo "[*] initializing qemuafl submodule" + git submodule init || exit 1 + git submodule update 2>/dev/null # ignore errors else - - echo "[-] Error: signature mismatch on $ARCHIVE (perhaps download error?), removing archive ..." - rm -f "$ARCHIVE" - exit 1 - + echo "[*] cloning qemuafl" + test -d qemuafl || { + CNT=1 + while [ '!' -d qemuafl -a "$CNT" -lt 4 ]; do + echo "Trying to clone qemuafl (attempt $CNT/3)" + git clone https://github.com/AFLplusplus/qemuafl + CNT=`expr "$CNT" + 1` + done + } fi -echo "[*] Uncompressing archive (this will take a while)..." +test -d qemuafl || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; } +echo "[+] Got qemuafl." -rm -rf "qemu-${VERSION}" || exit 1 -tar xf "$ARCHIVE" || exit 1 +cd "qemuafl" || exit 1 +echo "[*] Checking out $QEMUAFL_VERSION" +sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null +git checkout "$QEMUAFL_VERSION" || exit 1 -echo "[+] Unpacking successful." +echo "[*] Making sure imported headers matches" +cp "../../include/config.h" "./qemuafl/imported/" || exit 1 +cp "../../include/cmplog.h" "./qemuafl/imported/" || exit 1 +cp "../../include/snapshot-inl.h" "./qemuafl/imported/" || exit 1 +cp "../../include/types.h" "./qemuafl/imported/" || exit 1 if [ -n "$HOST" ]; then echo "[+] Configuring host architecture to $HOST..." @@ -169,34 +163,7 @@ if [ "$ORIG_CPU_TARGET" = "" ]; then esac fi -cd qemu-$VERSION || exit 1 - -echo Building for CPU target $CPU_TARGET - -echo "[*] Applying patches..." - -patch -p1 <../patches/elfload.diff || exit 1 -patch -p1 <../patches/mips-fpu.diff || exit 1 -patch -p1 <../patches/bsd-elfload.diff || exit 1 -patch -p1 <../patches/cpu-exec.diff || exit 1 -patch -p1 <../patches/syscall.diff || exit 1 -patch -p1 <../patches/translate-all.diff || exit 1 -patch -p1 <../patches/tcg.diff || exit 1 -patch -p1 <../patches/i386-translate.diff || exit 1 -patch -p1 <../patches/arm-translate.diff || exit 1 -patch -p1 <../patches/arm-translate-a64.diff || exit 1 -patch -p1 <../patches/i386-ops_sse.diff || exit 1 -patch -p1 <../patches/i386-fpu_helper.diff || exit 1 -patch -p1 <../patches/softfloat.diff || exit 1 -patch -p1 <../patches/configure.diff || exit 1 -patch -p1 <../patches/tcg-runtime.diff || exit 1 -patch -p1 <../patches/tcg-runtime-head.diff || exit 1 -patch -p1 <../patches/translator.diff || exit 1 -patch -p1 <../patches/__init__.py.diff || exit 1 -patch -p1 <../patches/make_strncpy_safe.diff || exit 1 -patch -p1 <../patches/mmap_fixes.diff || exit 1 - -echo "[+] Patching done." +echo "Building for CPU target $CPU_TARGET" if [ "$STATIC" = "1" ]; then @@ -211,7 +178,7 @@ if [ "$STATIC" = "1" ]; then --disable-sdl --disable-seccomp --disable-smartcard --disable-snappy --disable-spice --disable-libssh2 \ --disable-libusb --disable-usb-redir --disable-vde --disable-vhost-net --disable-virglrenderer \ --disable-virtfs --disable-vnc --disable-vte --disable-xen --disable-xen-pci-passthrough --disable-xfsctl \ - --enable-linux-user --disable-system --disable-blobs --disable-tools --enable-capstone=internal \ + --enable-linux-user --disable-system --disable-blobs --disable-tools \ --target-list="${CPU_TARGET}-linux-user" --static --disable-pie --cross-prefix=$CROSS_PREFIX --python="$PYTHONBIN" \ || exit 1 @@ -221,7 +188,7 @@ else # improvement, much to my surprise. Not sure how universal this is.. ./configure --disable-system \ - --enable-linux-user --disable-gtk --disable-sdl --disable-vnc --enable-capstone=internal \ + --enable-linux-user --disable-gtk --disable-sdl --disable-vnc --disable-werror \ --target-list="${CPU_TARGET}-linux-user" --enable-pie $CROSS_PREFIX --python="$PYTHONBIN" || exit 1 fi @@ -236,7 +203,7 @@ echo "[+] Build process successful!" echo "[*] Copying binary..." -cp -f "${CPU_TARGET}-linux-user/qemu-${CPU_TARGET}" "../../afl-qemu-trace" || exit 1 +cp -f "build/${CPU_TARGET}-linux-user/qemu-${CPU_TARGET}" "../../afl-qemu-trace" || exit 1 cd .. ls -l ../afl-qemu-trace || exit 1 -- cgit 1.4.1 From 13f2ac83a90aa8a6826c8c642a2b64118ac53430 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 8 Sep 2020 11:48:31 +0200 Subject: fix GNUmakefile for new qemuafl --- .gitignore | 1 + .travis.yml | 1 - GNUmakefile | 19 ++++++++----------- qemu_mode/build_qemu_support.sh | 2 +- unicorn_mode/build_unicorn_support.sh | 2 +- 5 files changed, 11 insertions(+), 14 deletions(-) (limited to 'qemu_mode/build_qemu_support.sh') diff --git a/.gitignore b/.gitignore index 5b7e22ba..fb6a94c1 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,7 @@ afl-lto++.8 afl-lto.8 qemu_mode/libcompcov/compcovtest qemu_mode/qemu-* +qemu_mode/qemuafl unicorn_mode/samples/*/\.test-* unicorn_mode/samples/*/output/ unicorn_mode/unicornafl diff --git a/.travis.yml b/.travis.yml index ccfc7743..c82c8c26 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,6 @@ branches: only: - stable - dev - - llvm_merge matrix: include: diff --git a/GNUmakefile b/GNUmakefile index 92046ffd..30a219a4 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -470,7 +470,6 @@ code-format: ./.custom-format.py -i examples/*/*.c ./.custom-format.py -i examples/*/*.h ./.custom-format.py -i test/*.c - ./.custom-format.py -i qemu_mode/patches/*.h ./.custom-format.py -i qemu_mode/libcompcov/*.c ./.custom-format.py -i qemu_mode/libcompcov/*.cc ./.custom-format.py -i qemu_mode/libcompcov/*.h @@ -510,8 +509,7 @@ all_done: test_build .PHONY: clean clean: - rm -f $(PROGS) libradamsa.so afl-fuzz-document afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump .test .test1 .test2 test-instr .test-instr0 .test-instr1 afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-g++-fast ld *.so *.8 test/unittests/*.o test/unittests/unit_maybe_alloc test/unittests/preallocable .afl-* afl-gcc afl-g++ - rm -rf out_dir qemu_mode/qemu-3.1.1 *.dSYM */*.dSYM + rm -f $(PROGS) libradamsa.so afl-fuzz-document afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump .test .test1 .test2 test-instr .test-instr0 .test-instr1 afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-g++-fast ld *.so *.8 test/unittests/*.o test/unittests/unit_maybe_alloc test/unittests/preallocable .afl-* afl-gcc afl-g++ test/unittests/unit_hash test/unittests/unit_rand -$(MAKE) -f GNUmakefile.llvm clean -$(MAKE) -f GNUmakefile.gcc_plugin clean $(MAKE) -C libdislocator clean @@ -521,18 +519,18 @@ clean: $(MAKE) -C examples/argv_fuzzing clean $(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/libcompcov clean - rm -rf qemu_mode/qemu-3.1.1 ifeq "$(IN_REPO)" "1" + test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true else - rm -rf qemu_mode/qemu-3.1.1.tar.xz + rm -rf qemu_mode/qemuafl rm -rf unicorn_mode/unicornafl endif .PHONY: deepclean deepclean: clean - rm -rf qemu_mode/qemu-3.1.1.tar.xz rm -rf unicorn_mode/unicornafl + rm -rf qemu_mode/qemuafl # NEVER EVER ACTIVATE THAT!!!!! git reset --hard >/dev/null 2>&1 || true .PHONY: distrib @@ -541,11 +539,12 @@ distrib: all -$(MAKE) -f GNUmakefile.gcc_plugin $(MAKE) -C libdislocator $(MAKE) -C libtokencap + $(MAKE) -C examples/aflpp_driver $(MAKE) -C examples/afl_network_proxy $(MAKE) -C examples/socket_fuzzing $(MAKE) -C examples/argv_fuzzing -cd qemu_mode && sh ./build_qemu_support.sh - cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh + -cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh .PHONY: binary-only binary-only: all @@ -555,7 +554,7 @@ binary-only: all $(MAKE) -C examples/socket_fuzzing $(MAKE) -C examples/argv_fuzzing -cd qemu_mode && sh ./build_qemu_support.sh - cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh + -cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh .PHONY: source-only source-only: all @@ -563,9 +562,7 @@ source-only: all -$(MAKE) -f GNUmakefile.gcc_plugin $(MAKE) -C libdislocator $(MAKE) -C libtokencap - @#$(MAKE) -C examples/afl_network_proxy - @#$(MAKE) -C examples/socket_fuzzing - @#$(MAKE) -C examples/argv_fuzzing + $(MAKE) -C examples/aflpp_driver %.8: % @echo .TH $* 8 $(BUILD_DATE) "afl++" > $@ diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 5d9f5be7..342f16b3 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -121,7 +121,7 @@ else CNT=1 while [ '!' -d qemuafl -a "$CNT" -lt 4 ]; do echo "Trying to clone qemuafl (attempt $CNT/3)" - git clone https://github.com/AFLplusplus/qemuafl + git clone --depth 1 https://github.com/AFLplusplus/qemuafl CNT=`expr "$CNT" + 1` done } diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index b4d2058f..f75b3b8d 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -156,7 +156,7 @@ else CNT=1 while [ '!' -d unicornafl -a "$CNT" -lt 4 ]; do echo "Trying to clone unicornafl (attempt $CNT/3)" - git clone https://github.com/AFLplusplus/unicornafl + git clone --depth 1 https://github.com/AFLplusplus/unicornafl CNT=`expr "$CNT" + 1` done } -- cgit 1.4.1 From d3282ef1feda306193aa9a834981c26e9182c2c8 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 9 Sep 2020 10:37:04 +0200 Subject: fix makefile --- GNUmakefile | 4 ++-- GNUmakefile.llvm | 7 ++++--- qemu_mode/build_qemu_support.sh | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) (limited to 'qemu_mode/build_qemu_support.sh') diff --git a/GNUmakefile b/GNUmakefile index 30a219a4..b9a017d2 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -598,8 +598,8 @@ install: all $(MANPAGES) @if [ -f socketfuzz32.so -o -f socketfuzz64.so ]; then $(MAKE) -C examples/socket_fuzzing install; fi @if [ -f argvfuzz32.so -o -f argvfuzz64.so ]; then $(MAKE) -C examples/argv_fuzzing install; fi @if [ -f examples/afl_network_proxy/afl-network-server ]; then $(MAKE) -C examples/afl_network_proxy install; fi - @if [ -f examples/aflpp_driver/libAFLDriver.a ]; then install -m 644 examples/aflpp_driver/libAFLDriver.a $${DESTDIR}$(HELPER_PATH); fi - @if [ -f examples/aflpp_driver/libAFLQemuDriver.a ]; then install -m 644 examples/aflpp_driver/libAFLQemuDriver.a $${DESTDIR}$(HELPER_PATH); fi + @if [ -f examples/aflpp_driver/libAFLDriver.a ]; then set -e; install -m 644 examples/aflpp_driver/libAFLDriver.a $${DESTDIR}$(HELPER_PATH); fi + @if [ -f examples/aflpp_driver/libAFLQemuDriver.a ]; then set -e; install -m 644 examples/aflpp_driver/libAFLQemuDriver.a $${DESTDIR}$(HELPER_PATH); fi -$(MAKE) -f GNUmakefile.llvm install -$(MAKE) -f GNUmakefile.gcc_plugin install ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-gcc diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 604fb291..4dd0793f 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -448,11 +448,12 @@ all_done: test_build install: all @install -d -m 755 $${DESTDIR}$(BIN_PATH) $${DESTDIR}$(HELPER_PATH) $${DESTDIR}$(DOC_PATH) $${DESTDIR}$(MISC_PATH) @if [ -f ./afl-cc ]; then set -e; install -m 755 ./afl-cc $${DESTDIR}$(BIN_PATH); ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-c++; fi - @if [ -f ./afl-compiler-rt.o ]; then set -e; install -m 755 ./afl-compiler-rt.o $${DESTDIR}$(HELPER_PATH); ln -sf afl-compiler-rt.o $${DESTDIR}$(HELPER_PATH)afl-llvm-rt.o ;fi + @rm -f $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt*.o $${DESTDIR}$(HELPER_PATH)/afl-gcc-rt*.o + @if [ -f ./afl-compiler-rt.o ]; then set -e; install -m 755 ./afl-compiler-rt.o $${DESTDIR}$(HELPER_PATH); ln -sf afl-compiler-rt.o $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt.o ;fi @if [ -f ./afl-lto ]; then set -e; ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-lto; ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-lto++; ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-clang-lto; ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-clang-lto++; install -m 755 ./afl-llvm-lto-instrumentation.so ./afl-llvm-rt-lto*.o ./afl-llvm-lto-instrumentlist.so $${DESTDIR}$(HELPER_PATH); fi @if [ -f ./afl-ld-lto ]; then set -e; install -m 755 ./afl-ld-lto $${DESTDIR}$(BIN_PATH); fi - @if [ -f ./afl-compiler-rt-32.o ]; then set -e; install -m 755 ./afl-compiler-rt-32.o $${DESTDIR}$(HELPER_PATH); ln -sf afl-compiler-rt-32.o $${DESTDIR}$(HELPER_PATH)afl-llvm-rt-32.o ;fi - @if [ -f ./afl-compiler-rt-64.o ]; then set -e; install -m 755 ./afl-compiler-rt-64.o $${DESTDIR}$(HELPER_PATH); ln -sf afl-compiler-rt-64.o $${DESTDIR}$(HELPER_PATH)afl-llvm-rt-64.o ; fi + @if [ -f ./afl-compiler-rt-32.o ]; then set -e; install -m 755 ./afl-compiler-rt-32.o $${DESTDIR}$(HELPER_PATH); ln -sf afl-compiler-rt-32.o $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt-32.o ;fi + @if [ -f ./afl-compiler-rt-64.o ]; then set -e; install -m 755 ./afl-compiler-rt-64.o $${DESTDIR}$(HELPER_PATH); ln -sf afl-compiler-rt-64.o $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt-64.o ; fi @if [ -f ./compare-transform-pass.so ]; then set -e; install -m 755 ./*.so $${DESTDIR}$(HELPER_PATH); fi @if [ -f ./compare-transform-pass.so ]; then set -e; ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-clang-fast ; ln -sf ./afl-c++ $${DESTDIR}$(BIN_PATH)/afl-clang-fast++ ; ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf ./afl-c++ $${DESTDIR}$(BIN_PATH)/afl-clang++ ; fi @if [ -f ./SanitizerCoverageLTO.so ]; then set -e; ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-clang-lto ; ln -sf ./afl-c++ $${DESTDIR}$(BIN_PATH)/afl-clang-lto++ ; fi diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 342f16b3..9561ea34 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -133,7 +133,7 @@ echo "[+] Got qemuafl." cd "qemuafl" || exit 1 echo "[*] Checking out $QEMUAFL_VERSION" sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null -git checkout "$QEMUAFL_VERSION" || exit 1 +git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION echo "[*] Making sure imported headers matches" cp "../../include/config.h" "./qemuafl/imported/" || exit 1 -- cgit 1.4.1