From 5eb4c6eacdce06ef0313c389ce1616f52110dbb0 Mon Sep 17 00:00:00 2001 From: Nikolay Shaplov Date: Tue, 19 Sep 2023 21:55:40 +0300 Subject: Use shorter fuzzer name in stat header when user's banner is too big --- src/afl-fuzz-stats.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 3d0a9b9a..adf04420 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -778,10 +778,29 @@ void show_stats_normal(afl_state_t *afl) { if (unlikely(!banner[0])) { char *si = ""; + char *fuzzer_name; + if (afl->sync_id) { si = afl->sync_id; } memset(banner, 0, sizeof(banner)); - banner_len = (afl->crash_mode ? 20 : 18) + strlen(VERSION) + strlen(si) + - strlen(afl->power_name) + 4 + 6; + + banner_len = strlen(VERSION) + strlen(si) + strlen(afl->power_name) + 4 + 6; + + if (afl->crash_mode) { + + fuzzer_name = "peruvian were-rabbit"; + + } else { + + fuzzer_name = "american fuzzy lop"; + if (banner_len + strlen(fuzzer_name) + strlen(afl->use_banner) > 75) { + + fuzzer_name = "AFL"; + + } + + } + + banner_len += strlen(fuzzer_name); if (strlen(afl->use_banner) + banner_len > 75) { @@ -798,18 +817,16 @@ void show_stats_normal(afl_state_t *afl) { if (afl->fsrv.nyx_mode) { snprintf(banner + banner_pad, sizeof(banner) - banner_pad, - "%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s] - Nyx", - afl->crash_mode ? cPIN "peruvian were-rabbit" - : cYEL "american fuzzy lop", + "%s%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s] - Nyx", + afl->crash_mode ? cPIN : cYEL, fuzzer_name, si, afl->use_banner, afl->power_name); } else { #endif snprintf(banner + banner_pad, sizeof(banner) - banner_pad, - "%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s]", - afl->crash_mode ? cPIN "peruvian were-rabbit" - : cYEL "american fuzzy lop", + "%s%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s]", + afl->crash_mode ? cPIN : cYEL, fuzzer_name, si, afl->use_banner, afl->power_name); #ifdef __linux__ -- cgit 1.4.1 From fd76d6a43304c671422854a062f40c21b0d3d7b1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 28 Sep 2023 15:35:41 +0200 Subject: fix exploit mode on startup --- src/afl-fuzz.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 86c05223..8574b9b3 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2826,7 +2826,9 @@ int main(int argc, char **argv_orig, char **envp) { if (likely(afl->switch_fuzz_mode && afl->fuzz_mode == 0 && !afl->non_instrumented_mode) && - unlikely(cur_time > afl->last_find_time + afl->switch_fuzz_mode)) { + unlikely(cur_time > (likely(afl->last_find_time) ? afl->last_find_time + : afl->start_time) + + afl->switch_fuzz_mode)) { if (afl->afl_env.afl_no_ui) { -- cgit 1.4.1 From 6b73dee7da4e4e8bd227a9cb156c7a683d124682 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 30 Sep 2023 12:42:40 +0200 Subject: add afl-addseeds tool --- GNUmakefile | 2 +- afl-addseeds | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ docs/Changelog.md | 1 + src/afl-fuzz.c | 6 ++++++ 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100755 afl-addseeds (limited to 'src') diff --git a/GNUmakefile b/GNUmakefile index fadf20bd..5fd37147 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -32,7 +32,7 @@ VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f # PROGS intentionally omit afl-as, which gets installed elsewhere. PROGS = afl-fuzz afl-showmap afl-tmin afl-gotcpu afl-analyze -SH_PROGS = afl-plot afl-cmin afl-cmin.bash afl-whatsup afl-system-config afl-persistent-config afl-cc +SH_PROGS = afl-plot afl-cmin afl-cmin.bash afl-whatsup afl-addseeds afl-system-config afl-persistent-config afl-cc MANPAGES=$(foreach p, $(PROGS) $(SH_PROGS), $(p).8) afl-as.8 ASAN_OPTIONS=detect_leaks=0 diff --git a/afl-addseeds b/afl-addseeds new file mode 100755 index 00000000..bb2843a8 --- /dev/null +++ b/afl-addseeds @@ -0,0 +1,54 @@ +#!/bin/sh + +test -z "$1" -o "$1" = "-h" -o "$1" = "--help" && { + echo Syntax: afl-addseeds -o afl-out-dir [-i seed_file_or_dir] seed_file_or_seed_dir seed_file_or_seed_dir ... + echo + echo Options: + echo " -o afl-out-dir the output directory being used in the fuzzing campaign" + echo " -i seed_file_or_dir file or directory of files to add" + echo + echo Adds new seeds to an existing AFL++ fuzzing campaign. + exit 0 +} + +for TOOL in find ls; do + X=`which $TOOL` + test -n "$X" || { echo "Error: required tool '$TOOL' not found."; exit 1; } +done + +TEST=`printf %06d 123 2>/dev/null` +test "$TEST" = "000123" || { echo "Error: required tool 'printf' not found."; exit 1; } + +OUT= +NEXT= +for i in $*; do + test -n "$NEXT" && { OUT=$i ; NEXT=""; } + test "$i" = "-o" && { NEXT=1; } +done + +test -d "$OUT" || { echo Error: $OUT is not an existing directory; exit 1; } +OK=`ls $OUT/*/fuzzer_stats 2>/dev/null` +test -n "$OK" || { echo "Error: $OUT is not an 'afl-fuzz -o ... ' output directory" ; exit 1; } + +OUTDIR=$OUT/addseeds/queue +mkdir -p "$OUTDIR" 2>/dev/null +test -d "$OUTDIR" || { echo Error: could not create $OUTDIR ; exit 1 ; } + +echo Adding seeds ... +NEXTID=0 +for i in $*; do + test -z "$i" -o "$i" = "$OUT" -o "$i" = "-i" -o "$i" = "-o" || { + find "$i" -type f | while read FILE; do + N=xxx + while [ -n "$N" ]; do + ID=$NEXTID + N=`ls "$OUTDIR/id:$(printf %06d $ID),"* 2>/dev/null` + NEXTID=$(($NEXTID + 1)) + done + FN=`echo "$FILE" | sed 's/.*\///'` + cp -v "$FILE" "$OUTDIR/id:$(printf %06d $ID),time:0,execs:0,orig:$FN" + done + } +done + +echo Done. diff --git a/docs/Changelog.md b/docs/Changelog.md index dfbadea3..101d380b 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -19,6 +19,7 @@ - fix for a few string compare transform functions for LAF - frida_mode: - fixes support for large map offsets + - added new tool afl-addseeds that adds new seeds to a running campaign - added benchmark/benchmark.sh if you want to see how good your fuzzing speed is in comparison to other setups. diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8574b9b3..0a6755d7 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1346,6 +1346,12 @@ int main(int argc, char **argv_orig, char **envp) { } + if (strcmp(afl->sync_id, "addseeds") == 0) { + + FATAL("-M/-S name 'addseeds' is a reserved name, choose something else"); + + } + if (afl->is_main_node == 1 && afl->schedule != FAST && afl->schedule != EXPLORE) { -- cgit 1.4.1 From 9a9dbaff72b127cbb974afa4c1781cf8bc015d15 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 2 Oct 2023 14:41:47 +0200 Subject: remove old credits --- src/afl-performance.c | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'src') diff --git a/src/afl-performance.c b/src/afl-performance.c index 04507410..07c1b527 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -1,24 +1,3 @@ -/* - Written in 2019 by David Blackman and Sebastiano Vigna (vigna@acm.org) - - To the extent possible under law, the author has dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - - See . - - This is xoshiro256++ 1.0, one of our all-purpose, rock-solid generators. - It has excellent (sub-ns) speed, a state (256 bits) that is large - enough for any parallel application, and it passes all tests we are - aware of. - - For generating just floating-point numbers, xoshiro256+ is even faster. - - The state must be seeded so that it is not everywhere zero. If you have - a 64-bit seed, we suggest to seed a splitmix64 generator and use its - output to fill s[]. -*/ - #include #include "afl-fuzz.h" #include "types.h" -- cgit 1.4.1 From 1f7f1eff4323720997079d468c9a55096ac2fc3e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 2 Oct 2023 15:52:11 +0200 Subject: fix addseeds test --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 0a6755d7..2538f4a4 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1346,7 +1346,7 @@ int main(int argc, char **argv_orig, char **envp) { } - if (strcmp(afl->sync_id, "addseeds") == 0) { + if (afl->sync_id && strcmp(afl->sync_id, "addseeds") == 0) { FATAL("-M/-S name 'addseeds' is a reserved name, choose something else"); -- cgit 1.4.1