Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend to try it first and if it doesn’t work you can try drAFL tool.
Usage
You need to specify DRRUN_PATH to point to drrun launcher and LIBCOV_PATH to point to libbinafl.so coverage library. You also need to switch off AFL’s fork server (AFL_NO_FORKSRV=1) and probably AFL_SKIP_BIN_CHECK=1. See step 5 in the build section below for more details.
NOTE: Don’t forget that you should use 64-bit DynamoRIO for 64-bit binaries and 32-bit DynamoRIO for 32-bit binaries, otherwise it will not work. To make sure that your target is running under DynamoRIO, you can run it using the following command:
drrun – – <path/to/your/app/> <app_args>
Instrumentation DLL
Instrumentation library is a modified version of winAFL’s coverage library created by Ivan Fratric.
Also Read – Easysploit : Metasploit Automation Easier & Faster Than Ever
Build
Step 1. Clone drAFL repo
git clone https://github.com/mxmssh/drAFL.git /home/max/drAFL
cd /home/max/drAFL
Step 2. Clone and build DynamoRIO
git clone https://github.com/DynamoRIO/dynamorio
mkdir build_dr
cd build_dr/
cmake ../dynamorio/
make -j
cd ..
If you have any problems with DynamoRIO compilation check this page
Step 3. Build coverage tool
mkdir build
cd build
cmake ../bin_cov/ -DDynamoRIO_DIR=../build_dr/cmake
make -j
cd ..
Step 4. Build patched AFL
cd afl/
make
cd ..
Step 5. Configure environment variables and run the target
cd build
mkdir in
mkdir out
echo “AAAA” > in/seed
export DRRUN_PATH=/home/max/drAFL/build_dr/bin64/drrun
export LIBCOV_PATH=/home/max/drAFL/build/libbinafl.so
export AFL_NO_FORKSRV=1
export AFL_SKIP_BIN_CHECK=1
../afl/afl-fuzz -m none -i in -o out — ./afl_test @@
In case of afl_test you should expect 25-30 exec/sec and 1 unique crash in 2-3 minutes.
Why Do We Check Files in Bash? When writing a Bash script, you often work…
If you’re learning Bash scripting, one of the most useful features you’ll come across is…
If you are new to Bash scripting or Linux shell scripting, one of the most…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…