From 9100f3c416707d926fc100d4441cf32bb1da6dd6 Mon Sep 17 00:00:00 2001
From: Akira Moroo
Date: Tue, 22 Jun 2021 05:34:20 +0000
Subject: Add initial CoreSight mode support
The original code is: https://github.com/RICSecLab/AFLplusplus-cs/tree/retrage/coresight-mode-pr
Signed-off-by: Akira Moroo
---
 src/afl-analyze.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'src/afl-analyze.c')
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index d52a6d6e..c8b82428 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -77,6 +77,7 @@ static volatile u8 stop_soon; /* Ctrl-C pressed? */
 static u8 *target_path;
 static u8 frida_mode;
 static u8 qemu_mode;
+static u8 cs_mode;
 static u32 map_size = MAP_SIZE;
 static afl_forkserver_t fsrv = {0}; /* The forkserver */
@@ -790,6 +791,8 @@ static void set_up_environment(char **argv) {
 } else {
+ /* CoreSight mode uses the default behavior. */
+
 setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1);
 setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1);
@@ -845,6 +848,7 @@ static void usage(u8 *argv0) {
 " -f file - input file read by the tested program (stdin)\n"
 " -t msec - timeout for each run (%u ms)\n"
 " -m megs - memory limit for child process (%u MB)\n"
+ " -A - use binary-only instrumentation (CoreSight mode)\n"
 " -O - use binary-only instrumentation (FRIDA mode)\n"
 " -Q - use binary-only instrumentation (QEMU mode)\n"
 " -U - use unicorn-based instrumentation (Unicorn mode)\n"
@@ -890,7 +894,7 @@ int main(int argc, char **argv_orig, char **envp) {
 afl_fsrv_init(&fsrv);
- while ((opt = getopt(argc, argv, "+i:f:m:t:eOQUWh")) > 0) {
+ while ((opt = getopt(argc, argv, "+i:f:m:t:eAOQUWh")) > 0) {
 switch (opt) {
@@ -989,6 +993,14 @@ int main(int argc, char **argv_orig, char **envp) {
 break;
+ case 'A': /* CoreSight mode */
+
+ if (cs_mode) { FATAL("Multiple -A options not supported"); }
+
+ cs_mode = 1;
+ fsrv.cs_mode = cs_mode;
+ break;
+
 case 'O': /* FRIDA mode */
 if (frida_mode) { FATAL("Multiple -O options not supported"); }
@@ -1080,6 +1092,10 @@ int main(int argc, char **argv_orig, char **envp) {
 }
+ } else if (cs_mode) {
+
+ use_argv = get_cs_argv(argv[0], &target_path, argc - optind, argv + optind);
+
 } else {
 use_argv = argv + optind;
--
cgit 1.4.1
From d63d69a1f66e00f453e358662527fbd78361147d Mon Sep 17 00:00:00 2001
From: Akira Moroo
Date: Fri, 12 Nov 2021 05:33:40 +0000
Subject: Clarify usage message for ARM CoreSight mode
REF: https://github.com/AFLplusplus/AFLplusplus/pull/1156#issuecomment-966196217
Signed-off-by: Akira Moroo
---
 src/afl-analyze.c | 2 +-
 src/afl-fuzz.c | 2 +-
 src/afl-showmap.c | 2 +-
 src/afl-tmin.c | 1 +
 4 files changed, 4 insertions(+), 3 deletions(-)
(limited to 'src/afl-analyze.c')
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index c8b82428..4872c60d 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -848,7 +848,7 @@ static void usage(u8 *argv0) {
 " -f file - input file read by the tested program (stdin)\n"
 " -t msec - timeout for each run (%u ms)\n"
 " -m megs - memory limit for child process (%u MB)\n"
- " -A - use binary-only instrumentation (CoreSight mode)\n"
+ " -A - use binary-only instrumentation (ARM CoreSight mode)\n"
 " -O - use binary-only instrumentation (FRIDA mode)\n"
 " -Q - use binary-only instrumentation (QEMU mode)\n"
 " -U - use unicorn-based instrumentation (Unicorn mode)\n"
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 99eebfaa..6538e0a0 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
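Review bot: Nothing in the `case 'A'` hunk rejects combining -A with the other binary-only modes, so `-A -Q` leaves both `cs_mode` and `qemu_mode` set and the argv-building `if`/`else if` chain in the second hunk resolves the conflict silently by branch order. If the tool already rejects mixing -O and -Q somewhere after the getopt loop (outside these hunks), -A should join that check; otherwise one guard after the loop such as `if (cs_mode && (qemu_mode || frida_mode)) { FATAL("-A cannot be combined with -O or -Q"); }` makes the conflict explicit instead of depending on branch order. The `get_cs_argv` result is also used without a NULL check, which is only safe if it aborts internally on failure — presumably like its siblings, but worth confirming. `main` continues outside both hunks.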
@@ -113,7 +113,7 @@ static void usage(u8 *argv0, int more_help) {
 "maximum.\n"
 " -m megs - memory limit for child process (%u MB, 0 = no limit "
 "[default])\n"
- " -A - use binary-only instrumentation (CoreSight mode)\n"
+ " -A - use binary-only instrumentation (ARM CoreSight mode)\n"
 " -O - use binary-only instrumentation (FRIDA mode)\n"
 " -Q - use binary-only instrumentation (QEMU mode)\n"
 " -U - use unicorn-based instrumentation (Unicorn mode)\n"
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index daaed767..4c207d62 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -845,7 +845,7 @@ static void usage(u8 *argv0) {
 " -t msec - timeout for each run (none)\n"
 " -m megs - memory limit for child process (%u MB)\n"
 " -O - use binary-only instrumentation (FRIDA mode)\n"
- " -P - use binary-only instrumentation (CoreSight mode)\n"
+ " -P - use binary-only instrumentation (ARM CoreSight mode)\n"
 " -Q - use binary-only instrumentation (QEMU mode)\n"
 " -U - use Unicorn-based instrumentation (Unicorn mode)\n"
 " -W - use qemu-based instrumentation with Wine (Wine mode)\n"
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 212b6251..42883404 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -866,6 +866,7 @@ static void usage(u8 *argv0) {
 " -f file - input file read by the tested program (stdin)\n"
 " -t msec - timeout for each run (%u ms)\n"
 " -m megs - memory limit for child process (%u MB)\n"
+ " -A - use binary-only instrumentation (ARM CoreSight mode)\n"
 " -O - use binary-only instrumentation (FRIDA mode)\n"
 " -Q - use binary-only instrumentation (QEMU mode)\n"
 " -U - use unicorn-based instrumentation (Unicorn mode)\n"
--
cgit 1.4.1
From c2feee4ed1b35cc590e2beaa595d710b09e1427c Mon Sep 17 00:00:00 2001
From: Akira Moroo
Date: Fri, 12 Nov 2021 06:01:19 +0000
Subject: Add platform check for `-A` CoreSight mode
REF: https://github.com/AFLplusplus/AFLplusplus/pull/1156#discussion_r747454306
Signed-off-by: Akira Moroo
---
 src/afl-analyze.c | 6 ++++++
 src/afl-fuzz.c | 7 +++++++
 src/afl-showmap.c | 6 ++++++
 src/afl-tmin.c | 6 ++++++
 4 files changed, 25 insertions(+)
(limited to 'src/afl-analyze.c')
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 4872c60d..6e1a9e7b 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -997,6 +997,12 @@ int main(int argc, char **argv_orig, char **envp) {
 if (cs_mode) { FATAL("Multiple -A options not supported"); }
+ if (!(__aarch64__ && __linux__)) {
+
+ FATAL("-A option is not supported on this platform");
+
+ }
+
 cs_mode = 1;
 fsrv.cs_mode = cs_mode;
 break;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 6538e0a0..e6d9508b 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -830,6 +830,13 @@ int main(int argc, char **argv_orig, char **envp) {
 case 'A': /* CoreSight mode */
 if (afl->fsrv.cs_mode) { FATAL("Multiple -A options not supported"); }
+
+ if (!(__aarch64__ && __linux__)) {
+
+ FATAL("-A option is not supported on this platform");
+
+ }
+
 afl->fsrv.cs_mode = 1;
 break;
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 57737562..0e7d9df6 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -1069,6 +1069,12 @@ int main(int argc, char **argv_orig, char **envp) {
 if (fsrv->cs_mode) { FATAL("Multiple -P options not supported"); }
+ if (!(__aarch64__ && __linux__)) {
+
+ FATAL("-P option is not supported on this platform");
+
+ }
+
 fsrv->cs_mode = true;
 break;
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 42883404..110beed5 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -1040,6 +1040,12 @@ int main(int argc, char **argv_orig, char **envp) {
 if (fsrv->cs_mode) { FATAL("Multiple -A options not supported"); }
+ if (!(__aarch64__ && __linux__)) {
+
+ FATAL("-A option is not supported on this platform");
+
+ }
+
 fsrv->cs_mode = 1;
 break;
--
cgit 1.4.1
From feff8191ecbde9bb039e2311440f47e8f0325413 Mon Sep 17 00:00:00 2001
From: Akira Moroo
Date: Mon, 15 Nov 2021 01:57:36 +0000
Subject: Fix platform check for `-A` CoreSight mode
Signed-off-by: Akira Moroo
---
 src/afl-analyze.c | 10 ++++------
 src/afl-fuzz.c | 10 ++++------
 src/afl-showmap.c | 10 ++++------
 src/afl-tmin.c | 10 ++++------
 4 files changed, 16 insertions(+), 24 deletions(-)
(limited to 'src/afl-analyze.c')
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 6e1a9e7b..bc562c15 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -995,13 +995,11 @@ int main(int argc, char **argv_orig, char **envp) {
 case 'A': /* CoreSight mode */
- if (cs_mode) { FATAL("Multiple -A options not supported"); }
-
- if (!(__aarch64__ && __linux__)) {
-
- FATAL("-A option is not supported on this platform");
+#if !defined(__aarch64__) || !defined(__linux__)
+ FATAL("-A option is not supported on this platform");
+#endif
- }
+ if (cs_mode) { FATAL("Multiple -A options not supported"); }
 cs_mode = 1;
 fsrv.cs_mode = cs_mode;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index e6d9508b..44363c2b 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -829,13 +829,11 @@ int main(int argc, char **argv_orig, char **envp) {
 case 'A': /* CoreSight mode */
- if (afl->fsrv.cs_mode) { FATAL("Multiple -A options not supported"); }
-
- if (!(__aarch64__ && __linux__)) {
-
- FATAL("-A option is not supported on this platform");
+ #if !defined(__aarch64__) || !defined(__linux__)
+ FATAL("-A option is not supported on this platform");
+ #endif
- }
+ if (afl->fsrv.cs_mode) { FATAL("Multiple -A options not supported"); }
 afl->fsrv.cs_mode = 1;
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 0e7d9df6..899baaa0 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
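Review bot: The `#if !defined(__aarch64__) || !defined(__linux__)` guard in the afl-analyze.c hunk makes -A abort at runtime on every other platform, yet `usage()` still advertises -A unconditionally, so a user on x86-64 is offered an option whose only outcome is `-A option is not supported on this platform`. Either wrap the usage line in the same `#if`, or qualify it, e.g. `" -A - use binary-only instrumentation (ARM CoreSight mode, aarch64 Linux only)\n"`. The same guard is copied verbatim into the afl-fuzz.c hunk here and into the afl-showmap.c and afl-tmin.c hunks that follow; defining the platform test once in a shared header and referencing that macro in all four places would keep the copies from drifting. The afl-fuzz.c copy indents its preprocessor lines by one space while the other three start at column 0 — presumably each file's own convention, but worth checking against the project's clang-format settings. The enclosing `switch` continues outside each of these hunks.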
@@ -1067,13 +1067,11 @@ int main(int argc, char **argv_orig, char **envp) {
 * undocumenetd feature "Another afl-cmin specific feature." */
 case 'P': /* CoreSight mode */
- if (fsrv->cs_mode) { FATAL("Multiple -P options not supported"); }
-
- if (!(__aarch64__ && __linux__)) {
-
- FATAL("-P option is not supported on this platform");
+#if !defined(__aarch64__) || !defined(__linux__)
+ FATAL("-P option is not supported on this platform");
+#endif
- }
+ if (fsrv->cs_mode) { FATAL("Multiple -P options not supported"); }
 fsrv->cs_mode = true;
 break;
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 110beed5..22383a4e 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -1038,13 +1038,11 @@ int main(int argc, char **argv_orig, char **envp) {
 case 'A': /* CoreSight mode */
- if (fsrv->cs_mode) { FATAL("Multiple -A options not supported"); }
-
- if (!(__aarch64__ && __linux__)) {
-
- FATAL("-A option is not supported on this platform");
+#if !defined(__aarch64__) || !defined(__linux__)
+ FATAL("-A option is not supported on this platform");
+#endif
- }
+ if (fsrv->cs_mode) { FATAL("Multiple -A options not supported"); }
 fsrv->cs_mode = 1;
 break;
--
cgit 1.4.1