2025-04-12 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to fuzz a Linux binary without its source code. The content is easy to follow and well organized; I hope it resolves your doubts. Let the editor lead you through "how to fuzz Linux binaries without source code".
AFL combined with DynamoRIO: that is drAFL. With drAFL we can fuzz Linux binaries for which no source code is available.
drAFL
The original AFL already supports black-box testing of a target through its QEMU mode, so before using drAFL the author strongly recommends trying the original AFL first, and falling back to drAFL only if it cannot achieve your goal.
Usage
First, set DRRUN_PATH to point to the drrun launcher and LIBCOV_PATH to point to the libbinafl.so code coverage library. You also need to disable AFL's fork server (AFL_NO_FORKSRV=1) or set AFL_SKIP_BIN_CHECK=1. See step 5 of the Build section for details.
Note: for a 64-bit target you need the 64-bit DynamoRIO build, and for a 32-bit target the 32-bit build; otherwise the tool will not work. You can use the following command to check that the target runs under DynamoRIO:
drrun -
Build
Step 1: clone the drAFL repository locally.
git clone https://github.com/mxmssh/drAFL.git /home/max/drAFL
cd /home/max/drAFL
Step 2: clone and build DynamoRIO.
git clone https://github.com/DynamoRIO/dynamorio
mkdir build_dr
cd build_dr/
cmake ../dynamorio/
make -j
cd ..
If you run into problems compiling DynamoRIO, refer to this [document].
Step 3: build the code coverage tool.
mkdir build
cd build
cmake ../bin_cov/ -DDynamoRIO_DIR=../build_dr/cmake
make -j
cd ..
Step 4: build AFL.
cd afl/
make
cd ..
Step 5: configure the environment variables and start the fuzzing run.
cd build
mkdir in
mkdir out
echo "AAAA" > in/seed
export DRRUN_PATH=/home/max/drAFL/build_dr/bin64/drrun
export LIBCOV_PATH=/home/max/drAFL/build/libbinafl.so
export AFL_NO_FORKSRV=1
export AFL_SKIP_BIN_CHECK=1
../afl/afl-fuzz -m none -i in -o out -- ./afl_test @@
Note: the afl_test sample may take about 25-30 seconds to execute.
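As an added example, not code from drAFL or from this article, here is a small POSIX sh helper that checks the step-5 environment variables and the 32/64-bit caveat from the note above before launching afl-fuzz. It assumes the same directory layout as step 5 and compares the target's ELF class against libbinafl.so, which drrun has to load into the target process.

```shell
#!/bin/sh
# Added example, not code from drAFL or this article: sanity-check the
# step-5 environment before fuzzing, in particular that the target and the
# DynamoRIO coverage library (libbinafl.so) have the same ELF class, since
# a 32/64-bit mismatch between target and DynamoRIO makes the tool fail.

# Print the ELF class of a file: "32", "64" or "none" (not an ELF file).
# e_ident[4] (the fifth header byte) is EI_CLASS: 1 = ELFCLASS32, 2 = ELFCLASS64.
elf_class() {
    _magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n' || true)
    [ "$_magic" = "7f454c46" ] || { echo none; return 1; }
    _class=$(od -An -tx1 -j4 -N1 "$1" | tr -d ' \n')
    case "$_class" in
        01) echo 32 ;;
        02) echo 64 ;;
        *)  echo none; return 1 ;;
    esac
}

# Verify DRRUN_PATH and LIBCOV_PATH exist and that the target's bitness
# matches the coverage library. Prints the problem and returns 1, or "ok".
check_drafl_env() {
    _target=$1
    for _v in DRRUN_PATH LIBCOV_PATH; do
        eval _p=\"\$$_v\"
        [ -n "$_p" ] && [ -e "$_p" ] ||
            { echo "$_v is unset or does not exist: '$_p'"; return 1; }
    done
    _tc=$(elf_class "$_target" || true)
    _lc=$(elf_class "$LIBCOV_PATH" || true)
    [ "$_tc" != none ] || { echo "$_target is not an ELF binary"; return 1; }
    [ "$_tc" = "$_lc" ] || {
        echo "bitness mismatch: target is ${_tc}-bit, libbinafl.so is ${_lc}-bit;" \
             "use DynamoRIO's bin${_tc}/drrun and rebuild the coverage library"
        return 1
    }
    echo "ok: ${_tc}-bit target and ${_tc}-bit coverage library"
}

# The step-5 afl-fuzz command line, run only after the checks pass.
# Assumes the same directory layout as step 5 (run from the build directory).
run_drafl() {
    check_drafl_env "$1" || return 1
    export AFL_NO_FORKSRV=1 AFL_SKIP_BIN_CHECK=1
    ../afl/afl-fuzz -m none -i "$2" -o "$3" -- "$1" @@
}
```

Source the file and call `run_drafl ./afl_test in out` from the build directory; a mismatch is reported before afl-fuzz ever starts.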
That is all for "how to fuzz Linux binaries without source code". Thank you for reading!